5.5

CVE-2022-3969

Exploit

EPSS 0.08%
Veröffentlicht 13.11.2022 08:15:15
Zuletzt bearbeitet 21.11.2024 07:20:38
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this issue. The name of the patch is c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openkm ≫ Openkm Version < 6.3.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.247

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	2.6	1.2	1.4	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-377 Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

https://github.com/openkm/document-management-system/commit/c069e4d73ab8864345c25119d8459495f45453e1

Patch

Third Party Advisory

https://github.com/openkm/document-management-system/pull/332

Patch

Third Party Advisory

Exploit

https://github.com/openkm/document-management-system/releases/tag/v6.3.12

Third Party Advisory

Release Notes

https://vuldb.com/?id.213548

Third Party Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2022-3969

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3969

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3969

EUVD