Lucene search

[email protected]NVD:CVE-2023-39611

HistoryFeb 02, 2024 - 10:15 a.m.

CVE-2023-39611

2024-02-0210:15:08

CWE-22

[email protected]

web.nvd.nist.gov

software fx

chart fx 7

local file read

crafted web requests

security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

36.9%

JSON

An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests.

Affected configurations

Nvd

Node

softwarefxchart_fxMatch7.0.4962.20829

VendorProductVersionCPE
softwarefxchart_fx7.0.4962.20829cpe:2.3:a:softwarefx:chart_fx:7.0.4962.20829:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
softwarefx	chart_fx	7.0.4962.20829	cpe:2.3:a:softwarefx:chart_fx:7.0.4962.20829:::::::*

References

medium.com/%40arielbreisacher/my-chart-fx-7-software-investigation-journey-leading-to-a-directory-traversal-vulnerability-067cdcd3f2e9

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

36.9%

JSON

Related for NVD:CVE-2023-39611

prion1 cvelist1 vulnrichment1 cve1