7.5
CVE-2022-24241
- EPSS 1.11%
- Veröffentlicht 02.06.2022 14:15:36
- Zuletzt bearbeitet 21.11.2024 06:50:02
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Aceware ≫ Aceweb Online Portal Version < 3.5.068
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.11% | 0.615 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-610 Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
http://aceware.com
http://aceweb.com
https://www.aceware.com/forum/viewtopic.php?f=7&t=481