Path traversal

2021-06-1811:15:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.4%

JSON

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.

CPENameOperatorVersion
lexicomeq5.5.0.0

CPE	Name	Operator	Version
	lexicom	eq	5.5.0.0

References

github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md

www.cleo.com/cleo-lexicom