Vulnerability Description
A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The patch is identified as 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Globalpom-Utils Project | Globalpom-Utils | < 4.5.1 |
Related Weaknesses (CWE)
References
- https://github.com/devent/globalpom-utils/commit/77a820bac2f68e662ce261ecb050c64Patch
- https://github.com/devent/globalpom-utils/releases/tag/globalpomutils-4.5.1Release Notes
- https://vuldb.com/?ctiid.217570Third Party Advisory
- https://vuldb.com/?id.217570Third Party Advisory
- https://github.com/devent/globalpom-utils/commit/77a820bac2f68e662ce261ecb050c64Patch
- https://github.com/devent/globalpom-utils/releases/tag/globalpomutils-4.5.1Release Notes
- https://vuldb.com/?ctiid.217570Third Party Advisory
- https://vuldb.com/?id.217570Third Party Advisory
FAQ
What is CVE-2018-25068?
CVE-2018-25068 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/...
How severe is CVE-2018-25068?
CVE-2018-25068 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-25068?
Check the references section above for vendor advisories and patch information. Affected products include: Globalpom-Utils Project Globalpom-Utils.