CVE-2018-5223

HIGH Year: 2018
CVSS v3 Score
7.2
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible on the Windows operating system. All versions of Fisheye and Crucible before 4.4.6 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.3 (the fixed version for 4.5.x) are affected by this vulnerability.

Related Vulnerabilities

CVE-2011-3611

HIGH
CVSS:7.2(High)

A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12.

CWE-202011

CVE-2014-5362

HIGH
CVSS:7.2(High)

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ...

CWE-202014

CVE-2015-2202

HIGH
CVSS:7.2(High)

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.

CWE-202015

CVE-2016-3654

HIGH
CVSS:7.2(High)

The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote aut...

CWE-202016

CVE-2016-5840

HIGH
CVSS:7.2(High)

hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename ...

CWE-202016

CVE-2017-12148

HIGH
CVSS:7.2(High)

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacke...

CWE-202017