Unauthenticated Local Help Command Injection in Eclipse Platform

Unauthenticated Local Help Command Injection in Eclipse Platform

CVE-2020-27225 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.

Learn more about our Web App Pen Testing.