First published: Mon Nov 30 2020
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Outsystems Outsystems | >=10, <10.0.1019.0 | |
The severity of CVE-2020-29441 is high with a CVSS base score of 6.5.
CVE-2020-29441 allows an unauthenticated attacker to upload arbitrary files and may consume the available database space (Denial of Service) or corrupt legitimate data if files are being processed asynchronously.
OutSystems Platform 10 before version 10.0.1019.0 is affected by CVE-2020-29441.
Upgrading to OutSystems Platform version 10.0.1019.0 or later will fix CVE-2020-29441.
More information about CVE-2020-29441 can be found at the following URL: https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RPD-4310