Path traversal

2022-09-2018:15:00

PRIOn knowledge base

www.prio-n.com

safe software fme server

path traversal

vulnerability

fmedataupload

0.002 Low

EPSS

Percentile

61.3%

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload.

CPENameOperatorVersion
fme_serverlt2021.2.6
fme_serverge2022.0.0.0
fme_serverlt2022.0.1

Name	Operator	Version
fme_server	lt	2021.2.6
fme_server	ge	2022.0.0.0
fme_server	lt	2022.0.1

References

community.safe.com/s/article/Known-Issue-Arbitrary-file-upload-with-any-authenticated-FME-Server-account

community.safe.com/s/article/Known-Issue-FME-Server-vulnerability-with-arbitrary-path-traversal-and-file-upload

www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/

0.002 Low

EPSS

Percentile

61.3%

Related for PRION:CVE-2022-38340