NComputing vSpace Pro におけるパストラバーサルの脆弱性
| Title |
NComputing vSpace Pro におけるパストラバーサルの脆弱性
|
| Summary |
NComputing vSpace Pro には、パストラバーサルの脆弱性が存在します。
|
| Possible impacts |
情報を取得される可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
May 10, 2018, midnight |
| Registration Date |
June 4, 2018, 5:54 p.m. |
| Last Update |
June 4, 2018, 5:54 p.m. |
|
CVSS3.0 : 重要
|
| Score |
7.5
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
CVSS2.0 : 警告
|
| Score |
5
|
| Vector |
AV:N/AC:L/Au:N/C:P/I:N/A:N |
Affected System
| NComputing |
|
vSpace Pro 10
|
|
vSpace Pro 11
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2018年06月04日] 掲載 |
June 4, 2018, 10:51 a.m. |
NVD Vulnerability Information
CVE-2018-10201
| Summary |
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.
|
| Publication Date |
April 20, 2018, 5:29 p.m. |
| Registration Date |
March 1, 2021, 6:41 p.m. |
| Last Update |
Nov. 21, 2024, 12:41 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:ncomputing:vspace_pro:10:*:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:ncomputing:vspace_pro:11:*:*:*:*:*:*:* |
|
|
|
|
Related information, measures and tools
Common Vulnerabilities List