2.7
CVE-2023-50785
- EPSS 0.73%
- Veröffentlicht 25.01.2024 06:15:50
- Zuletzt bearbeitet 21.11.2024 08:37:18
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7200
Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7201
Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7202
Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7203
Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7210
Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7211
Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7212
Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7213
Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7215
Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7220
Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7250
Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7251
Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7260
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.73% | 0.717 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.