Lucene search

[email protected]CVE-2022-34551

HistoryJul 27, 2022 - 2:15 p.m.

CVE-2022-34551

2022-07-2714:15:08

CWE-22

[email protected]

web.nvd.nist.gov

cve-2022-34551

sims v1.0

path traversal

attachments

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

27.0%

JSON

Sims v1.0 was discovered to allow path traversal when downloading attachments.

Affected configurations

NVD

Node

sims_projectsimsMatch1.0

CPENameOperatorVersion
sims_project:simssims project simseq1.0

CPE	Name	Operator	Version
sims_project:sims	sims project sims	eq	1.0

References

cwe.mitre.org/data/definitions/23.html

github.com/rawchen/sims/issues/7

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

27.0%

JSON

Related for CVE-2022-34551

cvelist1 prion1 nvd1