ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.
References
Link | Resource |
---|---|
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-015-remote-code-execution-in-arc-informatique-pcvue/ | Broken Link |
https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03 | Third Party Advisory US Government Resource |
https://www.pcvuesolutions.com/security | Vendor Advisory |
https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1 | Permissions Required Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Kaspersky
Published: 2020-11-03T00:00:00
Updated: 2021-01-11T15:15:36
Reserved: 2020-10-07T00:00:00
Link: CVE-2020-26867
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-10-12T14:15:12.260
Modified: 2022-10-19T17:26:39.293
Link: CVE-2020-26867
JSON object: View
Redhat Information
No data.
CWE