7.8

CVE-2014-2352

Cogent DataHub Path Traversal

The directory specifier can include designators that can be used to 
traverse the directory path. Exploiting this vulnerability may enable an
 attacker to access a limited number of hardcoded file types. Further 
exploitation of this vulnerability may allow an attacker to cause the 
web server component to enter a denial-of-service condition.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CogentdatahubCogent Datahub Version <= 7.3.4
CogentdatahubCogent Datahub Version7.0
CogentdatahubCogent Datahub Version7.0.2
CogentdatahubCogent Datahub Version7.1.0
CogentdatahubCogent Datahub Version7.1.1
CogentdatahubCogent Datahub Version7.1.1.63
CogentdatahubCogent Datahub Version7.1.2
CogentdatahubCogent Datahub Version7.2.2
CogentdatahubCogent Datahub Version7.3.0
CogentdatahubCogent Datahub Version7.3.1
CogentdatahubCogent Datahub Version7.3.2
CogentdatahubCogent Datahub Version7.3.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.31% 0.811
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P
ics-cert@hq.dhs.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:C/I:N/A:N
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02
US Government Resource
http://cogentdatahub.com/Download_Software.html
https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02