CVE-2025-5390
5/31/2025 7:15:20 PM
2 روز قبل
2 روز قبل
1
Reporter :cna@vuldb.com
Modified :5/31/2025 7:15:20 PM
Problem Data :CWE-266
Description
A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedeal.do of the component File Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
Cvss Version 2.0
6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Cvss Version 3.1
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | Low |
| Integrity Impact | Low |
| Availability Impact | Low |
Cvss Version 4.0
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Vulnerability Complexity | Low |
| Vulnerability Impact | Low |
EPSS
| Epss Score | 0.00032 |
|---|---|
| Epss Percentile | 0.07538 |
ریسک پائین:: این آسیب پذیری احتمال ارائه Exploit پائینی دارد. به روز رسانی و نظارت معمولی را لحاظ نمائید.
پیشنهادات:
- به بروزرسانی مداوم سیستم و یا شبکه خود ادامه دهید.
- از بروزرسانی های آتی این آسیب پذیری مطلع شوید.