CVSS: 9.3EPSS: 3%CPEs: 3EXPL: 3CVE-2018-13140 – Antidote 9.5.1 Code Execution
https://notcve.org/view.php?id=CVE-2018-13140
Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages. Druide Antidote hasta la versión 9.5.1 en Windows y Linux permite la ejecución remota de código mediante el mecanismo de actualización aprovechando el uso de HTTP para descargar paquetes de instalación. Antidote versions 9.5.1 and below suffer from an update related code execution vulnerability. • http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html http://seclists.org/fulldisclosure/2018/Sep/38 https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-execution-against-the-update-component • CWE-319: Cleartext Transmission of Sensitive Information •