exploitDog

GHSA-63gp-xmc5-8vfv

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.6

Описание

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.

Ссылки

EPSS

Процентиль: 87%

0.03159

Низкий

8.6 High

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2017-5143

CVSS3: 8.6

nvd

почти 9 лет назад

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.

EPSS

Процентиль: 87%

0.03159

Низкий

8.6 High

CVSS3

CVE ID

Дефекты

CWE-22