Lucene search

[email protected]CVE-2010-3099

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2010-3099

2022-10-0316:20:57

CWE-22

[email protected]

web.nvd.nist.gov

cve

2010

3099

directory traversal

vulnerability

smartsoft ltd

smartftp client

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.2%

JSON

Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a "…" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

smartftpsmartftpRange≤4.0.1124.0

CPENameOperatorVersion
smartftp:smartftpsmartftple4.0.1124.0

CPE	Name	Operator	Version
smartftp:smartftp	smartftp	le	4.0.1124.0

References

secunia.com/advisories/40899

www.htbridge.ch/advisory/directory_traversal_in_smartftp.html

www.smartftp.com/forums/index.php?/topic/16425-smartftp-client-40-change-log/

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.2%

JSON

Related for CVE-2010-3099

nvd1 cvelist1 prion1 htbridge1