CVE-2023-39026

Опубликовано: 22 авг. 2023

Источник: nvd

CVSS3: 7.5

EPSS Высокий

Описание

Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.

Ссылки

http://packetstormsecurity.com/files/174491/FileMage-Gateway-1.10.9-Local-File-Inclusion.html
https://raindayzz.com/technicalblog/2023/08/20/FileMage-Vulnerability.html
Exploit
Third Party Advisory
https://www.filemage.io/docs/updates.html#change-log
Release Notes
http://packetstormsecurity.com/files/174491/FileMage-Gateway-1.10.9-Local-File-Inclusion.html
https://raindayzz.com/technicalblog/2023/08/20/FileMage-Vulnerability.html
Exploit
Third Party Advisory
https://www.filemage.io/docs/updates.html#change-log
Release Notes

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:filemage:filemage:*:*:*:*:*:*:*:*

Версия до 1.10.8 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.81462

Высокий

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-6m35-6x4j-hxjg