Unrated severity · NVD Advisory · Published Sep 18, 2020 · Updated Aug 4, 2024

Code Injection in Rapid7 AppSpider Pro Installer

CVE-2020-7358

Description

In AppSpider installer versions prior to 7.2.126, the installer calls an executable that an attacker with access to the local machine can place in the appropriate directory. The installer therefore cannot distinguish between the valid executable it is meant to call during an installation and an arbitrary executable using the same file name.

Affected products

  • Rapid7/Appspider Pro (2 versions)
    • (no CPE) range: <7.2.126
    • (no CPE) range: unspecified
