Lucene search

[email protected]NVD:CVE-2022-39838

HistorySep 05, 2022 - 4:15 p.m.

CVE-2022-39838

2022-09-0516:15:08

CWE-22

[email protected]

web.nvd.nist.gov

systematic fix adapter

alfafx

remote file inclusion

absolute path traversal

unc share pathname

local pathnames

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS

0.005

Percentile

77.7%

JSON

Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames.

Affected configurations

Nvd

Node

systematicalphasystematic_fix_adapter_firmwareMatch2.4.0.25

AND

systematicalphasystematic_fix_adapterMatch-

VendorProductVersionCPE
systematicalphasystematic_fix_adapter_firmware2.4.0.25cpe:2.3:o:systematicalpha:systematic_fix_adapter_firmware:2.4.0.25:*:*:*:*:*:*:*
systematicalphasystematic_fix_adapter-cpe:2.3:h:systematicalpha:systematic_fix_adapter:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
systematicalpha	systematic_fix_adapter_firmware	2.4.0.25	cpe:2.3:o:systematicalpha:systematic_fix_adapter_firmware:2.4.0.25:::::::*
systematicalpha	systematic_fix_adapter	-	cpe:2.3:h:systematicalpha:systematic_fix_adapter:-:::::::*

References

systematicalpha.com/company

systematicalpha.com/trading-programs/systematic-alpha-fx-master-fund

github.com/jet-pentest/CVE-2022-39838

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS

0.005

Percentile

77.7%

JSON

Related for NVD:CVE-2022-39838

prion1 cvelist1 cve1