Abstract Advisory Information
An endpoint is vulnerable to arbitrary file write, leading to potential remote code execution.
Authors: Thomas PIANEZZOLA
Version affected
Name: JUMP AMS
Versions: 3.6.0.04.009-2487
Common Vulnerability Scoring System
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Patches
Main Version:
3.7.0.13.000
Service Packs:
3.7.0.10.012 LTS
3.7.0.12.002
Vulnerability Disclosure Timeline
- 31/03/2021: Vulnerability discovery
- 16/04/2021: Vulnerability Report to CERT-XLM
- 22/04/2021: Vulnerability Report to JUMP
- 22/04/2021: JUMP acknowledgment
- 03/05/2021: CVE IDs requested from MITRE
- 04/05/2021: CVE IDs received from MITRE
- 21/07/2021: JUMP patch release
- 30/07/2021: Public Vulnerability disclosure