Описание
Multiple directory traversal vulnerabilities in the web administration interface on the TANDBERG Video Communication Server (VCS) before X5.1 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to (1) helppage.php or (2) user/helppage.php.
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до x4.3.0 (включая)
Одно из
cpe:2.3:a:vsecurity:tandberg_video_communication_server:*:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:vsecurity:tandberg_video_communication_server:x4.2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01712
Низкий
4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
почти 4 года назад
Multiple directory traversal vulnerabilities in the web administration interface on the TANDBERG Video Communication Server (VCS) before X5.1 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to (1) helppage.php or (2) user/helppage.php.
EPSS
Процентиль: 82%
0.01712
Низкий
4 Medium
CVSS2
Дефекты
CWE-200