CVE-2020-29441 Information

Description

An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases this attack may consume the available database space (Denial of Service) corrupt legitimate data if files are being processed asynchronously or deny access to legitimate uploaded files.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Reference

https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RPD-4310

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

LOW

Base Severity

6.5