Lucene search

China National Vulnerability DatabaseCNVD-2022-76232

HistoryNov 05, 2022 - 12:00 a.m.

Apache UIMA path traversal vulnerability

2022-11-0500:00:00

China National Vulnerability Database

www.cnvd.org.cn

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

JSON

Apache UIMA is a component-based software architecture from the Apache Foundation. A path traversal vulnerability exists in Apache UIMA 3.3.0 and earlier, which stems from relative path traversal and can be exploited to create files outside of a specified destination directory using carefully crafted ZIP entry names.

CPENameOperatorVersion
apache unstructured information management architecturele3.3.0

CPE	Name	Operator	Version
	apache unstructured information management architecture	le	3.3.0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

JSON

Related for CNVD-2022-76232