PT-2022-12201 · Opmantek · Open-Audit

Published

2022-01-03

Updated

2022-01-11

CVE-2021-44674

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Opmantek Open-AudIT version 4.2.0

Description An information exposure issue has been discovered, allowing an authenticated attacker to read files outside of the restricted directory.

Recommendations For Opmantek Open-AudIT version 4.2.0, consider restricting access to sensitive files and directories until a patch is available. As a temporary workaround, review and limit the permissions of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-44674

Affected Products

Open-Audit

PT-2022-12201 · Opmantek · Open-Audit

CVE-2021-44674

Weakness Enumeration

Related Identifiers

Affected Products

References · 7