2 matches found
CVE-2020-9353
An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML...
CVE-2020-9353
SmartClient 12.0 contains an unauthenticated Local File Inclusion in the RPC loadFile console tool, exposed at /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall). The vulnerability arises from directory-traversal patterns in the elem XML element within the _transaction parameter, allo...