CVE-2018-20221 - Deserialization of Untrusted Data vulnerability in Deltek Ajera

CVSS (v2) base score: 6.5 - MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Attack vector: NETWORK
Attack complexity: LOW
Privileges required (authentication): SINGLE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, low complexity, deltek, CWE-502, exploit available

Summary

Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior is vulnerable to remote code execution via deserialization of untrusted input supplied by an authenticated user. The executed code runs with the privileges of the IIS Application Pool identity under which the application runs.

Common Weakness Enumeration (CWE)

CWE-502: Deserialization of Untrusted Data
Exploit-Db

id: EDB-ID:46086
last seen: 2019-01-07
modified: 2019-01-07
published: 2019-01-07
reporter: Exploit-DB
source: https://www.exploit-db.com/download/46086
title: Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data

Packetstorm

data source: https://packetstormsecurity.com/files/download/151035/ajerats91016-deserialize.txt
id: PACKETSTORM:151035
last seen: 2019-01-08
published: 2019-01-07
reporter: Anthony Cole
source: https://packetstormsecurity.com/files/151035/Ajera-Timesheets-9.10.16-Deserialization.html
title: Ajera Timesheets 9.10.16 Deserialization