Partner Software File Upload Vulnerability Allowing Device Compromise

Vulnerability

A vulnerability exists in Partner Software's Partner Software application and Partner Web application, both in version 4.32.2, due to inadequate sanitization of files uploaded on the 'reports' tab. This flaw enables an authenticated attacker to upload a malicious file, potentially compromising the device. The software typically operates with SYSTEM privileges, which amplifies the severity of the issue.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, allowing for potential device compromise with SYSTEM-level privileges.

Added: Aug 2, 2025, 3:18 AM

Updated: Aug 2, 2025, 3:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Partner Software File Upload Vulnerability Allowing Device Compromise

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating