Lucene search

PRIOn knowledge basePRION:CVE-2022-36431

HistoryDec 01, 2022 - 6:15 a.m.

Design/Logic Flaw

2022-12-0106:15:00

PRIOn knowledge base

www.prio-n.com

file upload

vulnerability

rocket trufusion enterprise

arbitrary code

jsp file

unauthenticated

issue fixed

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.2%

JSON

An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1.

CPENameOperatorVersion
trufusionlt7.9.6.1

CPE	Name	Operator	Version
	trufusion	lt	7.9.6.1

References

docs.rocketsoftware.com/bundle/TRUfusionEnterprise_ReleaseNotes_V7.9.6.1/resource/TRUfusionEnterprise_ReleaseNotes_V7.9.6.1.pdf

www.synacktiv.com/sites/default/files/2022-11/trufusion_enterprise_unauthenticated_arbitrary_file_write.pdf