CVE-2020-7008

Summary

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources.

Affected Software

VendorProductVersion RangeStatus
VISAMVBASE Editor11.5.0.2affected
VISAMVBASE Web-Remote Moduleallaffected

Weaknesses

  • CWE-23: RELATIVE PATH TRAVERSAL CWE-23

ADP Enrichment

CVE Program Container

Additional References

References