Vulnerability Details CVE-2019-14768
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.037
EPSS Ranking 87.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
Products affected by CVE-2019-14768
- cpe:2.3:a:dimo-crm:yellowbox_crm:*