CVSS3: 7.3 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.008 Low
Percentile: 81.6%
JSZip is used by IBM Safer Payments as part of the user interface. This vulnerability has been addressed.
CVEID: CVE-2022-48285
**DESCRIPTION:** JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from a specially crafted archive, an attacker could gain access to parts of the file system outside of the target folder, overwrite the executable files and execute arbitrary commands on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244499 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
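
The kind of filename check the description refers to, shown as an added example (not IBM's or JSZip's code): entry names read from an archive are treated as untrusted strings and classified before anything is written under the target folder. The function names and sample entry names are constructed for illustration.

```javascript
// Added example: decide which archive entry names are safe to extract.
// Works on the names only, so it can run before any file is written.

// Returns a normalized relative path, or null if the name must be rejected.
function normalizeEntryName(name) {
  if (typeof name !== 'string' || name.length === 0 || name.includes('\0')) return null;
  // ZIP names use '/', but '\' is also a separator on Windows: treat both alike.
  const unified = name.replace(/\\/g, '/');
  // Absolute paths and drive-letter paths ignore the target folder entirely.
  if (unified.startsWith('/') || /^[A-Za-z]:/.test(unified)) return null;
  const out = [];
  for (const seg of unified.split('/')) {
    if (seg === '' || seg === '.') continue;   // "a//b", "a/./b", trailing "/"
    if (seg === '..') {
      if (out.length === 0) return null;       // would climb above the target folder
      out.pop();
      continue;
    }
    out.push(seg);
  }
  return out.length === 0 ? null : out.join('/');
}

// Splits a list of entry names into extractable and rejected ones.
function planExtraction(entryNames) {
  const accepted = [];
  const rejected = [];
  for (const name of entryNames) {
    const safe = normalizeEntryName(name);
    if (safe === null) rejected.push(name);
    else accepted.push({ original: name, relativePath: safe });
  }
  return { accepted, rejected };
}

// Constructed sample names (not taken from a real archive).
const SAMPLE_NAMES = [
  'reports/2023/summary.txt',
  'reports/./notes/../summary.txt',
  '../outside.txt',
  'reports/../../outside.txt',
  '/absolute/path.txt',
  'C:\\Windows\\system.ini',
  '..\\outside.txt',
];

console.log(planExtraction(SAMPLE_NAMES));
```

Only the `relativePath` of an accepted entry should be joined to the target folder; rejected names are worth logging, since a legitimate archive rarely contains them.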
Affected Product(s): IBM Safer Payments
Version(s): 6.1.1.01 and above, 6.2.2.01 and above, 6.3.1.01 - 6.3.1.03, 6.4.2.00 - 6.4.2.02 and 6.5.0.00
Update IBM Safer Payments to version 6.3.1.04, 6.4.2.03, 6.5.0.01 or higher.
Refer to the IBM Safer Payments documentation to download the updates.
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm safer payments | eq | 6.1 |
| | ibm safer payments | eq | 6.2 |
| | ibm safer payments | eq | 6.3 |
| | ibm safer payments | eq | 6.4 |
| | ibm safer payments | eq | 6.5 |