PT-2020-7389 · Amazon · Aws Xms

Published

2020-01-27

Updated

2020-01-29

CVE-2013-2474

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: AWS XMS version 2.5

Description: A directory traversal issue allows remote attackers to view arbitrary files by manipulating the what parameter.

Recommendations: For AWS XMS version 2.5, avoid using the what parameter in affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to sensitive files to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2013-2474

Affected Products

Aws Xms

PT-2020-7389 · Amazon · Aws Xms

CVE-2013-2474

Weakness Enumeration

Related Identifiers

Affected Products

References · 5