CVE-2019-14312 — MEDIUM (6.5)

Vulnerability Description

Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Aptana	Jaxer	1.0.3.4547

Related Weaknesses (CWE)

CWE-22

References

http://packetstormsecurity.com/files/153985/Aptana-Jaxer-1.0.3.4547-Local-File-IExploitThird Party AdvisoryVDB Entry
https://github.com/aptana/Jaxer/commits/masterPatchThird Party Advisory
http://packetstormsecurity.com/files/153985/Aptana-Jaxer-1.0.3.4547-Local-File-IExploitThird Party AdvisoryVDB Entry
https://github.com/aptana/Jaxer/commits/masterPatchThird Party Advisory

FAQ

What is CVE-2019-14312?

CVE-2019-14312 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a...

How severe is CVE-2019-14312?

CVE-2019-14312 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-14312?

Check the references section above for vendor advisories and patch information. Affected products include: Aptana Jaxer.