Improper Input Validation

CVE-2018-19005

High

7.8/10

Summary

Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation vulnerability has been identified that may be exploited by processing specially crafted POC files lacking user input validation. This may allow an attacker to read confidential information and remotely execute arbitrary code.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-20 - Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

Advisory Timeline

Published Dec 20, 2018

Improper Input Validation

CVE-2018-19005

Summary

CWE-20 - Improper Input Validation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS