3 matches found
CVE-2020-9354
An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path...
CVE-2020-9354
An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path...
CVE-2020-9354
SmartClient 12.0 RPC console feature (saveFile) exposes an unauthenticated path-traversal vulnerability in the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall endpoint. An XML comment and /.. traversal can be exploited to overwrite files, as described across multiple sources (e.g., C...