Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-rhj5-wv7v-f365

Опубликовано: 31 янв. 2023
Источник: github
Github: Не прошло ревью
CVSS3: 7.5

Описание

IdentitylQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentitylQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentitylQ 8.1 and all 8.1 patch levels prior to 8.1p7, Identity|Q 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.

IdentitylQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentitylQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentitylQ 8.1 and all 8.1 patch levels prior to 8.1p7, Identity|Q 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.

Ссылки

EPSS

Процентиль: 68%
0.00563
Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-46835

Дефекты

CWE-22

Связанные уязвимости

nvd логотип

CVE-2022-46835

CVSS3: 8.8
nvd
около 3 лет назад

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.

EPSS

Процентиль: 68%
0.00563
Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-46835

Дефекты

CWE-22