Hey, a Path Traversal vulnerability was found in a component of the Bomgar Remote Support Portal (RSP) [1]. The affected component is the JavaStart.jar applet, which is hosted at https://TARGET/api/content/JavaStart.jar on vulnerable RSP deployments. JavaStart version 52970 and prior were confirmed to be vulnerable. Analysis of the applet revealed that App.class suffers from a Path Traversal vulnerability. The vulnerable class calls the File() constructor and passes the value of the "url" parameter as its argument. The "url" parameter is specified in the HTML tag that passes arguments to applets embedded on web sites using an