CVE-2017-12815

CRITICAL

Bomgar Remote Support Portal JavaStart.jar < 52790 - Path Traversal and Arbitrary File Manipulation via Malicious Applet

Title source: llm
STIX 2.1

Description

Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <appletHTML> tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet.

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/541885/100/0/threaded

Scores

CVSS v3 10.0
EPSS 0.0199
EPSS Percentile 78.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
bomgar/remote_support
Published Mar 26, 2018
Tracked Since Feb 18, 2026