A vulnerability has been identified in the OpenCascade NCMS component. The vulnerability could be exploited by injecting data into the vulnerable component through input supplied by users. An attacker could then convince a user to open a specially crafted file, or use the file to attempt to exploit the vulnerability. (ZDI-17-150) The following vendors have released software updates to address this issue: A vulnerability has been identified in the OpenCascade NCMS component. The vulnerability could be exploited by injecting data into the vulnerable component through input supplied by users. An attacker could then convince a user to open a specially crafted file, or use the file to attempt to exploit the vulnerability. (ZDI-17-150) The following vendors have released software updates to address this issue: Oracle
RedHat RedHat. A vulnerability has been identified in the OpenCascade API. The vulnerability could be exploited by an attacker to inject HTML or script code into the website through a browser. (ZDI-17-153) The following vendors have released software updates to address this issue: RedHat RedHat. A vulnerability has been identified in the OpenCascade API. The vulnerability could be exploited by an attacker to inject HTML or script code into the website through a browser. (ZDI-17-153) The following vendors have released software updates to address this issue: Oracle
Symantec Symantec. A vulnerability has been identified in the OpenCascade API
Vulnerable packages: OpenCascade
OpenCascade. A vulnerability has been identified in the OpenCascade API. The vulnerability could be exploited by an attacker to inject HTML or script code into the website through a browser. (ZDI-17-153) The following vendors have released software updates to address this issue: Oracle
Symantec
Vulnerability Summary
A vulnerability has been identified in the OpenCascade NCMS component. The vulnerability could be exploited by injecting data into the vulnerable component through input supplied by users. An attacker could then convince a user to open a specially crafted file, or use the file to attempt to exploit the vulnerability.
The following vendors have released software updates to address this issue: Oracle
RedHat RedHat. A vulnerability has been identified in the OpenCascade API. The vulnerability could be exploited by an attacker to inject HTML or script code into the website through a browser.
The following vendors have released software updates to address this issue: Oracle
Symantec Symantec. A vulnerability has been identified in the OpenCascade API
Vulnerable components: What to work on
OpenCascade is a powerful library that can be used to create a wide variety of applications. As such, there are some vulnerabilities in the component.
Vulnerable components:
The OpenCascade NCMS component
The OpenCascade API
Timeline
Published on: 09/13/2022 10:15:00 UTC
Last modified on: 09/13/2022 15:13:00 UTC