Incorrect Type Conversion or Cast
CVE-2018-19027
Summary
Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- HIGH
CWE-704 - Incorrect Type Conversion or Cast
The software does not correctly convert an object, resource, or structure from one type to a different type.
References
Advisory Timeline
- Published