CVE-2018-7217 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an esop/evm/OPPreliminaryForms.do?formId=857 request.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tejari	Bravo Solution	-

Related Weaknesses (CWE)

CWE-434

References

http://seclists.org/bugtraq/2018/Feb/38Mailing ListThird Party Advisory
https://packetstormsecurity.com/files/146425/Tejari-Arbitrary-File-Upload.htmlThird Party AdvisoryVDB Entry
http://seclists.org/bugtraq/2018/Feb/38Mailing ListThird Party Advisory
https://packetstormsecurity.com/files/146425/Tejari-Arbitrary-File-Upload.htmlThird Party AdvisoryVDB Entry

FAQ

What is CVE-2018-7217?

CVE-2018-7217 is a vulnerability with a CVSS score of 8.8 (HIGH). In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and uploa...

How severe is CVE-2018-7217?

CVE-2018-7217 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-7217?

Check the references section above for vendor advisories and patch information. Affected products include: Tejari Bravo Solution.