Lucene search

[email protected]CVE-2014-2575

HistoryJun 06, 2014 - 2:55 p.m.

CVE-2014-2575

2014-06-0614:55:04

CWE-22

[email protected]

web.nvd.nist.gov

cve-2014-2575

directory traversal

devexpress

aspxfilemanager

asp.net

webforms

mvc

remote authentication

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.7%

JSON

Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a … (dot dot) in the __EVENTARGUMENT parameter.

Affected configurations

NVD

Node

devexpressaspxfilemanager_control_for_webforms_and_mvcRange≤13.1.9

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch10.2

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch10.2.3

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch10.2.4

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch10.2.5

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch10.2.6

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch10.2.8

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch10.2.9

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch10.2.10

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch10.2.11

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.1

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.1.4

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.1.5

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.1.6

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.1.7

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.1.8

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.1.9

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.1.10

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.1.11

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.1.12

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.2

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.2.5

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.2.7

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.2.8

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.2.10

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.2.11

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.2.12

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.2.13

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch11.2.14

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.1

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.1.4

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.1.5

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.1.6

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.1.7

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.1.8

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.1.9

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.1.10

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.1.11

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.1.12

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.2

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.2.4

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.2.5

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.2.6

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.2.7

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.2.8

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.2.10

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.2.11

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.2.12

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.2.13

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.2.15

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch12.2.16

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch13.1

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch13.1.4

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch13.1.5

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch13.1.6

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch13.1.7

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch13.1.8

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch13.2

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch13.2.5

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch13.2.6

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch13.2.7

devexpressaspxfilemanager_control_for_webforms_and_mvcMatch13.2.8

CPENameOperatorVersion
devexpress:aspxfilemanager_control_for_webforms_and_mvcdevexpress aspxfilemanager control for webforms and mvcle13.1.9
devexpress:aspxfilemanager_control_for_webforms_and_mvcdevexpress aspxfilemanager control for webforms and mvceq10.2
devexpress:aspxfilemanager_control_for_webforms_and_mvcdevexpress aspxfilemanager control for webforms and mvceq10.2.3
devexpress:aspxfilemanager_control_for_webforms_and_mvcdevexpress aspxfilemanager control for webforms and mvceq10.2.4
devexpress:aspxfilemanager_control_for_webforms_and_mvcdevexpress aspxfilemanager control for webforms and mvceq10.2.5
devexpress:aspxfilemanager_control_for_webforms_and_mvcdevexpress aspxfilemanager control for webforms and mvceq10.2.6
devexpress:aspxfilemanager_control_for_webforms_and_mvcdevexpress aspxfilemanager control for webforms and mvceq10.2.8
devexpress:aspxfilemanager_control_for_webforms_and_mvcdevexpress aspxfilemanager control for webforms and mvceq10.2.9
devexpress:aspxfilemanager_control_for_webforms_and_mvcdevexpress aspxfilemanager control for webforms and mvceq10.2.10
devexpress:aspxfilemanager_control_for_webforms_and_mvcdevexpress aspxfilemanager control for webforms and mvceq10.2.11

CPE	Name	Operator	Version
devexpress:aspxfilemanager_control_for_webforms_and_mvc	devexpress aspxfilemanager control for webforms and mvc	le	13.1.9
devexpress:aspxfilemanager_control_for_webforms_and_mvc	devexpress aspxfilemanager control for webforms and mvc	eq	10.2
devexpress:aspxfilemanager_control_for_webforms_and_mvc	devexpress aspxfilemanager control for webforms and mvc	eq	10.2.3
devexpress:aspxfilemanager_control_for_webforms_and_mvc	devexpress aspxfilemanager control for webforms and mvc	eq	10.2.4
devexpress:aspxfilemanager_control_for_webforms_and_mvc	devexpress aspxfilemanager control for webforms and mvc	eq	10.2.5
devexpress:aspxfilemanager_control_for_webforms_and_mvc	devexpress aspxfilemanager control for webforms and mvc	eq	10.2.6
devexpress:aspxfilemanager_control_for_webforms_and_mvc	devexpress aspxfilemanager control for webforms and mvc	eq	10.2.8
devexpress:aspxfilemanager_control_for_webforms_and_mvc	devexpress aspxfilemanager control for webforms and mvc	eq	10.2.9
devexpress:aspxfilemanager_control_for_webforms_and_mvc	devexpress aspxfilemanager control for webforms and mvc	eq	10.2.10
devexpress:aspxfilemanager_control_for_webforms_and_mvc	devexpress aspxfilemanager control for webforms and mvc	eq	10.2.11