Описание
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:checkpoint:mobile_access:-:*:*:*:*:*:*:*
cpe:2.3:a:checkpoint:remote_access_vpn:-:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:checkpoint:gaia_os:r81.10:*:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:*:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00073
Низкий
5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-35
CWE-22
Связанные уязвимости
CVSS3: 5
github
6 месяцев назад
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.
EPSS
Процентиль: 22%
0.00073
Низкий
5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-35
CWE-22