CVE-2018-17170

HIGH

Grouptime Teamwire Desktop Client <1.9.0 - Code Injection

Title source: llm

Description

Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. All backend versions prior to prod-2018-11-13-15-00-42 are affected.

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://research.hisolutions.com/2019/06/web-vulnerabilities-are-coming-to-the-desktop-template-injections-lead-to-rce-in-teamwire/

Scores

CVSS v3 8.1

EPSS 0.0259

EPSS Percentile 83.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Products (1)

teamwire/teamwire 1.5.1 - 1.9.0

Published Jun 28, 2019

Tracked Since Feb 18, 2026