History: Apr 07, 2022 - 6:22 p.m.

CVE-2022-26675 aEnrich a+HRD - Path Traversal

2022-04-07 18:22:42
CWE-22
twcert
www.cve.org

Tags: cve-2022-26675, enrich a+hrd, path traversal, authentication bypass, remote attacker, filtering, url, path traversal attacks, arbitrary files, website root directory

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.003
Percentile: 68.2%

aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under the website root directory.

CNA Affected

[
  {
    "product": "a+HRD",
    "vendor": "aEnrich",
    "versions": [
      {
        "status": "affected",
        "version": "6.8"
      }
    ]
  }
]
