CVE-2020-29441 — HIGH (7.2)

Q: How severe is CVE-2020-29441?

CVE-2020-29441 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-29441?

Check the references section above for vendor advisories and patch information. Affected products include: Outsystems Outsystems.

Vulnerability Description

An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Outsystems	Outsystems	>= 10, < 10.0.1019.0

Related Weaknesses (CWE)

CWE-434

References

https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RPVendor Advisory
https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RPVendor Advisory

FAQ

What is CVE-2020-29441?

CVE-2020-29441 is a vulnerability with a CVSS score of 7.2 (HIGH). An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available ...

How severe is CVE-2020-29441?

CVE-2020-29441 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-29441?

Check the references section above for vendor advisories and patch information. Affected products include: Outsystems Outsystems.