CVE-2018-12631

Name of the Vulnerable Software and Affected Versions Redatam7 (affected versions not specified)

Description The issue allows remote attackers to read arbitrary files via the /redbin/rpwebutilities.exe/text API endpoint using directory traversal. Specifically, the LFN parameter is vulnerable to this type of attack, allowing access to files outside the intended directory.

Recommendations As a temporary workaround, consider restricting access to the /redbin/rpwebutilities.exe/text API endpoint until a patch is available. Avoid using the LFN parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.