CVE-2018-11137: Path Traversal
First published: Thu May 31 2018(Updated: )
The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quest KACE Systems Management Appliance | =8.0.318 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-11137?
CVE-2018-11137 is considered critical due to its potential for unauthorized file access through Directory Traversal.
How do I fix CVE-2018-11137?
To fix CVE-2018-11137, update the Quest KACE System Management Appliance to the latest version that includes security patches.
What are the potential impacts of CVE-2018-11137?
Exploitation of CVE-2018-11137 could lead to unauthorized information disclosure by allowing attackers to read sensitive files.
Which versions of the Quest KACE System Management Appliance are affected by CVE-2018-11137?
CVE-2018-11137 specifically affects Quest KACE System Management Appliance version 8.0.318.
Do I need administrator privileges to exploit CVE-2018-11137?
No, exploiting CVE-2018-11137 does not require administrator privileges, making it particularly concerning for security.
- agent/event
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/quest
- canonical/quest kace systems management appliance
- version/quest kace systems management appliance/8.0.318