CVE-2020-7358
Summary
| CVE | CVE-2020-7358 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-09-18 15:15:00 UTC |
| Updated | 2020-09-28 18:36:00 UTC |
| Description | In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name. |
Risk And Classification
Problem Types: CWE-427
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| help.rapid7.com/appspider/release-notes/index.html | MISC | help.rapid7.com | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: This issue was discovered and reported by Mishra Dhiraj.
There are currently no legacy QID mappings associated with this CVE.