Описание
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.
Ссылки
- Release Notes
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 18.0.2.315 (исключая)
Одновременно
cpe:2.3:a:3cx:3cx:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00544
Низкий
7.5 High
CVSS3
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
почти 3 года назад
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.
EPSS
Процентиль: 67%
0.00544
Низкий
7.5 High
CVSS3
Дефекты
CWE-22
CWE-22