Lucene search

[email protected]CVE-2022-39833

HistoryNov 23, 2022 - 6:15 p.m.

CVE-2022-39833

2022-11-2318:15:12

[email protected]

web.nvd.nist.gov

cve-2022-39833

filecloud

remote code execution

unauthorized access

api

http request

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.7%

JSON

FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.

Affected configurations

NVD

Node

filecloudfilecloudRange20.2–21.3.7.18607

CPENameOperatorVersion
filecloud:filecloudfilecloudlt21.3.7.18607

CPE	Name	Operator	Version
filecloud:filecloud	filecloud	lt	21.3.7.18607

References

gist.github.com/DylanGrl/4b4e0d53bb7626b2ab3f834ec5a2b23c

www.filecloud.com/supportdocs/fcdoc/latest/server/security-advisories/2022-security-advisories/advisory-2022-10-01-unauthorized-access-and-potential-remote-code-execution

Social References

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.7%

JSON

Related for CVE-2022-39833

prion1 cvelist1 nvd1