Description
If a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user download and open such a CSV file, the embedded code may be executed in the user's environment. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
Active
Confidentiality (Vulnerable System)
None
Integrity (Vulnerable System)
None
Availability (Vulnerable System)
None
Confidentiality (Subsequent System)
Low
Integrity (Subsequent System)
Low
Availability (Subsequent System)
Low
CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- Six Apart Ltd. / Movable Type Advanced (Software Edition)8.0.2 to 8.0.8 (8.0 series) – 8.0.2 to 8.0.8 (8.0 series)
- Six Apart Ltd. / Movable Type Advanced (Software Edition)9.0.4 to 9.0.5 (9.0 series) – 9.0.4 to 9.0.5 (9.0 series)
- Six Apart Ltd. / Movable Type Advanced (Software Edition)8.8.0 to 8.8.1 (8.8 series) – 8.8.0 to 8.8.1 (8.8 series)
- Six Apart Ltd. / Movable Type (Cloud Edition)9.0.5 (9 series) – 9.0.5 (9 series)
- Six Apart Ltd. / Movable Type (Cloud Edition)8.8.1 (8 series) – 8.8.1 (8 series)
- Six Apart Ltd. / Movable Type Premium (Advanced Edition) (Software Edition)9.0.4 (MTP 9.0 series) – 9.0.4 (MTP 9.0 series)
- Six Apart Ltd. / Movable Type Premium (Advanced Edition) (Software Edition)2.13 and earlier (MTP 2 series) – 2.13 and earlier (MTP 2 series)
- Six Apart Ltd. / Movable Type Premium (Cloud Edition)9.0.5 (9 series) – 9.0.5 (9 series)
- Six Apart Ltd. / Movable Type Premium (Cloud Edition)2.12 (MTP 2 series) – 2.12 (MTP 2 series)
- Six Apart Ltd. / Movable Type Premium (Software Edition)2.13 and earlier (MTP 2 series) – 2.13 and earlier (MTP 2 series)
- Six Apart Ltd. / Movable Type Premium (Software Edition)9.0.4 (MTP 9.0 series) – 9.0.4 (MTP 9.0 series)
- Six Apart Ltd. / Movable Type (Software Edition)9.0.4 to 9.0.5 (9.0 series) – 9.0.4 to 9.0.5 (9.0 series)
- Six Apart Ltd. / Movable Type (Software Edition)8.0.2 to 8.0.8 (8.0 series) – 8.0.2 to 8.0.8 (8.0 series)
- Six Apart Ltd. / Movable Type (Software Edition)8.8.0 to 8.8.1 (8.8 series) – 8.8.0 to 8.8.1 (8.8 series)