CVE-2023-45278

Name of the Vulnerable Software and Affected Versions Yamcs version 5.8.6

Description The issue allows attackers to delete arbitrary files via crafted HTTP DELETE request to the storage functionality of the API. This is achieved through a Directory Traversal vulnerability.

Recommendations For Yamcs version 5.8.6, as a temporary workaround, consider restricting access to the storage functionality of the API to minimize the risk of exploitation. Avoid using crafted HTTP DELETE requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.