Lucene search

[email protected]CVE-2021-44665

HistoryFeb 24, 2022 - 9:15 p.m.

CVE-2021-44665

2022-02-2421:15:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2021-44665

directory traversal

xerte project

security vulnerability

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.1%

JSON

A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php.

CPENameOperatorVersion
xerte:xertexertele3.10.3

CPE	Name	Operator	Version
xerte:xerte	xerte	le	3.10.3

References

packetstormsecurity.com/files/166181/Xerte-3.10.3-Directory-Traversal.html

github.com/thexerteproject/xerteonlinetoolkits/commit/48a9880c6ac38f4d215f9143baf3d6e6062a1871

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.1%

JSON

Related for CVE-2021-44665

osv1 cnvd1 prion1 zdt1 packetstorm1 exploitdb1