CVE-2013-4374

CWE-668 — Exposure to Wrong Sphere CWE-3775 documents5 sources

Severity

7.1HIGH

EPSS

0.1%

top 72.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat RHQ Mongo DB Drift Server RHQ Mongo DB Drift Server RHQ Mongo DB Drift Server Redhat Jboss Operations Network

Timeline

PublishedNov 4

Latest updateMay 5

Description

An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶NVDredhat/rhq_mongo_db_drift_server2013-09-25

▶CVEListV5rhq_mongo_db_drift_server/rhq_mongo_db_drift_serverthrough 2013-09-25

▶NVDredhat/jboss_operations_network3.1

🔴Vulnerability Details

GHSA

GHSA-wp6c-p3vm-q9jm: An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files↗2022-05-05

▶

CVEList

CVE-2013-4374: An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files↗2019-11-04

▶

📋Vendor Advisories

Red Hat

Server: Malicious change set import due to insecure temporary file usage↗2015-02-06

▶

💬Community

Bugzilla

CVE-2013-4374 RHQ Mongo DB Drift Server: Malicious change set import due to insecure temporary file usage↗2013-09-25

▶