CVE-2018-1000048
First published: Fri Feb 09 2018(Updated: )
NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NASA RtRetrievalFramework | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for NASA RtRetrievalFramework version v1.0?
The vulnerability ID for NASA RtRetrievalFramework version v1.0 is CVE-2018-1000048.
What is the severity of CVE-2018-1000048?
The severity of CVE-2018-1000048 is high with a severity value of 8.8.
What is the CWE ID for the vulnerability in NASA RtRetrievalFramework version v1.0?
The CWE ID for the vulnerability in NASA RtRetrievalFramework version v1.0 is CWE-502.
How does the vulnerability in NASA RtRetrievalFramework version v1.0 impact the system?
The vulnerability in NASA RtRetrievalFramework version v1.0 can result in remote code execution.
Is there a fix available for the vulnerability in NASA RtRetrievalFramework version v1.0?
There is no specific fix mentioned, but updating to a patched version or applying the suggested mitigations may help address the vulnerability.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nasa
- canonical/nasa rtretrievalframework
- version/nasa rtretrievalframework/1.0