CVE-2018-19234

2018-12-2017:00:00

mitre

www.cve.org

8.8 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.9%

JSON

The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation.

References

packetstormsecurity.com/files/150427/Miss-Marple-Enterprise-Edition-File-Upload-Hardcoded-AES-Key.html

seclists.org/fulldisclosure/2018/Nov/55

seclists.org/bugtraq/2018/Nov/37

www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-miss-marple-enterprise-edition/