Vulnerability Details : CVE-2018-7217
In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an esop/evm/OPPreliminaryForms.do?formId=857 request.
Products affected by CVE-2018-7217
- cpe:2.3:a:tejari:bravo_solution:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7217
- EPSS score: 0.09% (probability of exploitation activity in the next 30 days)
- Percentile: ~38% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-7217
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2018-7217
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-7217
- https://packetstormsecurity.com/files/146425/Tejari-Arbitrary-File-Upload.html
  Tejari Arbitrary File Upload ≈ Packet Storm (Third Party Advisory; VDB Entry)
- http://seclists.org/bugtraq/2018/Feb/38
  Bugtraq: Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload (Mailing List; Third Party Advisory)