Studio
CVE-2020-25802
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.
AnalysisAI
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-913. Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7. Affected products include: Craftercms Studio. Version information: prior to 3.0.27.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
WireMock is a tool for mocking HTTP services. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploi
Omnis Studio 10.22.00 has incorrect access control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp
Omnis Studio 10.22.00 has incorrect access control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exp
In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticat
WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitab
INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations. Rated medium severity (CV
WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 5.4), this vulnerability is no authentication
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today