CVE-2022-1958

EPSS 0.68%
Veröffentlicht 15.06.2022 10:15:10
Zuletzt bearbeitet 21.11.2024 06:41:50
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

FileCloud NTFS access control

A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-201960.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Filecloud ≫ Filecloud Version >= 21.2 < 21.3.5.18513

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.68%	0.474

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://vuldb.com/?ctiid.201960

Third Party Advisory

https://vuldb.com/?id.201960

Third Party Advisory

https://www.filecloud.com/supportdocs/fcdoc/2v/server/security-advisories/2022-security-advisories/advisory-2022-06-01-potential-unauthorized-data-access-when-using-network-folders-with-ntfs-permissions

Vendor Advisory

https://www.scip.ch/?news.20220615

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1958

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1958

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1958

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-1958