Incorrect Type Conversion or Cast

CVE-2018-19027

High

7.8/10

Summary

Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-704 - Incorrect Type Conversion or Cast

The software does not correctly convert an object, resource, or structure from one type to a different type.

References

Advisory Timeline

Published Jan 30, 2019

Incorrect Type Conversion or Cast

CVE-2018-19027

Summary

CWE-704 - Incorrect Type Conversion or Cast

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS