exploitDog

CVE-2022-27906

Опубликовано: 25 мар. 2022

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory.

Ссылки

https://insinuator.net/2022/03/a-tale-of-an-oftp2-vulnerability/
Technical Description
Third Party Advisory
https://mendelson-e-c.com/node/3355
Release Notes
Vendor Advisory
https://insinuator.net/2022/03/a-tale-of-an-oftp2-vulnerability/
Technical Description
Third Party Advisory
https://mendelson-e-c.com/node/3355
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mendelson:oftp2:*:*:*:*:*:*:*:*

Версия до 1.1b43 (исключая)

EPSS

Процентиль: 60%

0.004

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-fxrm-2v78-3qr9

CVSS3: 5.9

github

почти 4 года назад

Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory.

EPSS

Процентиль: 60%

0.004

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-22