CVE-2018-25068 MEDIUM

CVE-2018-25068: devent globalpom-utils FileResourceManagerProvider.java createTmpDir temp file

Vendor Devent

Product globalpom-utils

Weakness CWE-377

Published January 6, 2023

Last update April 10, 2025

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

Description

A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The patch is identified as 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability.

Key dates

Disclosure timeline

January 6, 2023 CVE published

April 10, 2025 Record updated

Identifiers

CVE CVE-2018-25068

CWE CWE-377

CVSS 6.3 / MEDIUM

Affected versions

Vendor Devent

Product globalpom-utils

Affected 4.0

Vendor Devent

Product globalpom-utils

Affected 4.1

Vendor Devent

Product globalpom-utils

Affected 4.2

Vendor Devent

Product globalpom-utils

Affected 4.3

Vendor Devent

Product globalpom-utils

Affected 4.4

Vendor Devent

Product globalpom-utils

Affected 4.5