exploitDog

CVE-2020-13377

Опубликовано: 12 мая 2023

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files.

Ссылки

https://inf0seq.github.io/cve/2020/04/21/Path-Traversal-in-Enterprise-loadbalancer-VA-MAX-v8.3.8-and-earlier.html
Exploit
Third Party Advisory
https://www.loadbalancer.org/products/virtual/enterprise-va-max/
Product
https://inf0seq.github.io/cve/2020/04/21/Path-Traversal-in-Enterprise-loadbalancer-VA-MAX-v8.3.8-and-earlier.html
Exploit
Third Party Advisory
https://www.loadbalancer.org/products/virtual/enterprise-va-max/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:loadbalancer:enterprise_va_max:*:*:*:*:*:*:*:*

Версия до 8.3.8 (включая)

EPSS

Процентиль: 39%

0.00178

Низкий

8.1 High

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-8g8c-49hq-vg6g

CVSS3: 8.1

github

больше 2 лет назад

The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files.

EPSS

Процентиль: 39%

0.00178

Низкий

8.1 High

CVSS3

Дефекты

CWE-22

CWE-22