Описание
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:10.6\(1\)_base:*:*:*:*:*:*:*
cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:10.6\(2\)_base:*:*:*:*:*:*:*
cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:10.6\(3\)_base:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00543
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.
EPSS
Процентиль: 67%
0.00543
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22