Vulnerabilities > CVE-2018-18987 - Deserialization of Untrusted Data vulnerability in Invt Vt-Designer 2.1.7.31

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
invt
CWE-502
NVD
Published: 2018-11-30
Updated: 2018-12-27

Summary

VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution.

Vulnerable Configurations

Part Description Count
Application
Invt
1

Common Weakness Enumeration (CWE)

References