CVE-2020-11420

Name of the Vulnerable Software and Affected Versions UPS Adapter CS141 versions prior to 1.90

Description The issue allows an attacker with Admin or Engineer login credentials to exploit the vulnerability by manipulating variables that reference files, achieving access to files and directories outside the web root folder. An attacker may access arbitrary files and directories stored in the file system, but the integrity of the files is not jeopardized as the attacker has read access rights only.

Recommendations For versions prior to 1.90, update to version 1.90 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.