We performed a risk assessment of software Uniflash version 8.8.0.
Our assessment identified 2 Remote Code Execution findings associated with the following components:
| Component | Threat Vector | Path |
| --- | --- | --- |
| Lodash 3.10.1 | Remote Code Execution (RCE) BDSA-2020-3839 and many other CVEs: CVE-2020-8239, CVE-2021-23337, CVE-2018-3721 | uniflash/public/lib/lodash/lodash.js, uniflash/public/lib/lodash/lodash.min.js |
| SQLite JDBC 3.21.0 | Remote Code Execution (RCE) CVE-2023-32697 | deskdb/content/TICloudAgent/win/ccs_base/emulation/analysis/traceplugin-Repo.zip |

I have the following questions:
- Could you please confirm if these components are impacted?
- If they are not impacted, could you please provide a rationale as to why?
- If they are impacted, do you have a security patch to address these vulnerabilities?