Lucene search

MitreCVE-2022-39838

HistorySep 05, 2022 - 4:15 p.m.

CVE-2022-39838

2022-09-0516:15:08

CWE-22

mitre

web.nvd.nist.gov

systematic fix

alfafx

cve-2022-39838

security vulnerability

remote file inclusion

path traversal

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

8.2

Confidence

High

EPSS

0.005

Percentile

77.7%

JSON

Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames.

Affected configurations

Nvd

Node

systematicalphasystematic_fix_adapter_firmwareMatch2.4.0.25

AND

systematicalphasystematic_fix_adapterMatch-

VendorProductVersionCPE
systematicalphasystematic_fix_adapter_firmware2.4.0.25cpe:2.3:o:systematicalpha:systematic_fix_adapter_firmware:2.4.0.25:*:*:*:*:*:*:*
systematicalphasystematic_fix_adapter-cpe:2.3:h:systematicalpha:systematic_fix_adapter:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
systematicalpha	systematic_fix_adapter_firmware	2.4.0.25	cpe:2.3:o:systematicalpha:systematic_fix_adapter_firmware:2.4.0.25:::::::*
systematicalpha	systematic_fix_adapter	-	cpe:2.3:h:systematicalpha:systematic_fix_adapter:-:::::::*

References

systematicalpha.com/company

systematicalpha.com/trading-programs/systematic-alpha-fx-master-fund

github.com/jet-pentest/CVE-2022-39838

Social References

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

8.2

Confidence

High

EPSS

0.005

Percentile

77.7%

JSON

Related for CVE-2022-39838