MasterCAT Software - XmlRpc Remote Code Execution Vulnerabilities

Overview:

This vulnerability exists in MasterCAT Software's XML-RPC server software. Successful exploitation could cause the application to crash, leak data, or cause other forms of damage.
Users are advised to review the id parameter for potential SQL injection scenarios. A total of 14 vendors were affected by this vulnerability. Vendors who have released products with this software vulnerability include BBG Software, CatCAT, IQVIA, MasterCAT, Mediapro, Omnilog, Oracle, Proximity, SEV, and SOT. Further details about specific vendor releases can be obtained by reviewing the Vendors Matrix entry for this issue. UPDATE: On November 14, 2018, MasterCAT released a patch for this vulnerability.

Summary

This advisory provides information on the MasterCAT Software XMLRPC remote code execution vulnerability, CVE-2022-36712. This vulnerability is documented in CVE-2018-1059, CVE-2018-1060, and CVE-2018-1061 and is also known as XmlRpc Remote Code Execution Vulnerability: V105.

MasterCAT Software released two patches for this vulnerability on November 14th 2018.

Overview

Recently, MasterCAT Software issued an advisory that their software was vulnerable to remote code execution vulnerabilities. In the advisory, they noted a total of 14 vendors were affected by this vulnerability.

If exploited, these vulnerabilities could allow an attacker to crash the application, leak data, or cause other forms of damage. Users are advised to review the id parameter for potential SQL injection scenarios.

Timeline

Published on: 08/30/2022 00:15:00 UTC
Last modified on: 09/01/2022 06:54:00 UTC
