CVE-2017-12815
CRITICALBomgar Remote Support Portal JavaStart.jar < 52790 - Path Traversal and Arbitrary File Manipulation via Malicious Applet
Title source: llmDescription
Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <appletHTML> tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/541885/100/0/threaded
Scores
CVSS v3
10.0
EPSS
0.0199
EPSS Percentile
78.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
bomgar/remote_support
Published
Mar 26, 2018
Tracked Since
Feb 18, 2026