Lucene search

MitreCVE-2023-26559

HistoryApr 14, 2023 - 1:15 p.m.

CVE-2023-26559

2023-04-1413:15:07

CWE-22

mitre

web.nvd.nist.gov

cve-2023-26559

oxygen xml web author

content fusion

directory traversal

vulnerability

security

nvd

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.003

Percentile

69.2%

JSON

A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. (XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build 2023021715 are also fixed versions.)

Affected configurations

Nvd

Node

syncoxygen_content_fusionRange<5.0.3

syncoxygen_xml_web_authorRange<23.1.1.4

syncoxygen_xml_web_authorRange24.0.0.0–24.1.0.3

syncoxygen_xml_web_authorRange25.0.0.0–25.1.0.3

VendorProductVersionCPE
syncoxygen_content_fusion*cpe:2.3:a:sync:oxygen_content_fusion:*:*:*:*:*:*:*:*
syncoxygen_xml_web_author*cpe:2.3:a:sync:oxygen_xml_web_author:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sync	oxygen_content_fusion	*	cpe:2.3:a:sync:oxygen_content_fusion::::::::
sync	oxygen_xml_web_author	*	cpe:2.3:a:sync:oxygen_xml_web_author::::::::

References

oxygenxml.com

www.oxygenxml.com/security/advisory/SYNC-2023-042301.html

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.003

Percentile

69.2%

JSON

Related for CVE-2023-26559