CVE-2020-25172 B. Braun OnlineSuite

2020-11-0616:09:16

CWE-23

icscert

www.cve.org

b. braun onlinesuite

path traversal attack

arbitrary file access

cve-2020-25172

unauthenticated attackers

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

59.6%

JSON

A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files.

CNA Affected

[
  {
    "product": "OnlineSuite",
    "vendor": "B. Braun Melsungen AG",
    "versions": [
      {
        "lessThanOrEqual": "3.0",
        "status": "affected",
        "version": "AP",
        "versionType": "custom"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsma-20-296-01