CVE-2019-14362

high-risk
Published 2019-07-28

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value.

Do I need to act?

-
0.29% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp
Openbravo Erp

Affected Vendors

Openbravo

References (6)

Third Party Advisory https://grep.blog/directory-traversal-openbravo/
Exploit https://issues.openbravo.com/view.php?id=41413
Exploit https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/
Third Party Advisory https://grep.blog/directory-traversal-openbravo/
Exploit https://issues.openbravo.com/view.php?id=41413
Exploit https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/
55
/ 100
high-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 33/34 · Critical