๐ Medium CVE-2020-9353: Smartclient Smartclient
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: cxsecurity.com
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML element in the _transaction parameter. ...