Test ID: 1.3.6.1.4.1.25623.1.0.144820
Category: Web application abuses
Title: XWiki < 11.10.6, 12.x < 12.5 RCE Vulnerability
Summary: XWiki is prone to a remote code execution vulnerability.
Description:

Vulnerability Insight:
Any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to
the application server's Servlet context, which contains tools that allow instantiating arbitrary Java objects and
invoking methods, which may lead to arbitrary code execution.

Affected Software/OS:
XWiki versions prior to 11.10.6 and 12.x prior to 12.5.

Solution:
Update to version 11.10.6, 12.5 or later.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-15252
Copyright: Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2020 E-Soft Inc. All rights reserved.