Lucene search

[email protected]CVE-2023-49108

HistoryDec 04, 2023 - 6:15 a.m.

CVE-2023-49108

2023-12-0406:15:07

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-49108

path traversal

vulnerability

rakrak document plus

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.1%

JSON

Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges.

Affected configurations

NVD

Node

sei-inforakrak_document_plusRange3.2.0.0–6.1.1.3a

sei-inforakrak_document_plusRange6.1.1.3a–6.4.0.7

CPENameOperatorVersion
sei-info:rakrak_document_plussei-info rakrak document pluslt6.1.1.3a
sei-info:rakrak_document_plussei-info rakrak document plusle6.4.0.7

CPE	Name	Operator	Version
sei-info:rakrak_document_plus	sei-info rakrak document plus	lt	6.1.1.3a
sei-info:rakrak_document_plus	sei-info rakrak document plus	le	6.4.0.7

CNA Affected

[
  {
    "vendor": "Sumitomo Electric Information Systems Co., Ltd.",
    "product": "RakRak Document Plus",
    "versions": [
      {
        "version": "Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a)",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN46895889/

rakrak.jp/RakDocSupport/rkspServlet

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.1%

JSON

Related for CVE-2023-49108

cvelist1 prion1 nvd1 jvn1