5.5

CVE-2022-3969

Exploit

OpenKM FileUtils.java getFileExtension temp file

A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to the creation of an insecure temporary file. Upgrading to version 6.3.12 addresses this issue. The name of the patch is c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548.
Data is provided by the National Vulnerability Database (NVD)
Openkm Openkm Version < 6.3.12
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.53% | 0.403
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com | 2.6 | 1.2 | 1.4 | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-377 Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

https://github.com/openkm/document-management-system/commit/c069e4d73ab8864345c25119d8459495f45453e1
Patch
Third Party Advisory
https://github.com/openkm/document-management-system/pull/332
Patch
Third Party Advisory
Exploit
https://github.com/openkm/document-management-system/releases/tag/v6.3.12
Third Party Advisory
Release Notes
https://vuldb.com/?id.213548
Third Party Advisory
Permissions Required