exploitDog

CVE-2021-33576

Опубликовано: 18 июн. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.

Ссылки

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md
Exploit
Third Party Advisory
https://www.cleo.com/cleo-lexicom
Product
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md
Exploit
Third Party Advisory
https://www.cleo.com/cleo-lexicom
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cleo:lexicom:5.5.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00631

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-83pw-wxhw-r33r

github

больше 3 лет назад

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.

EPSS

Процентиль: 70%

0.00631

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22