CVE-2022-1359

Name of the Vulnerable Software and Affected Versions On-Premise cnMaestro (affected versions not specified)

Description The issue allows for an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplies path traversal characters (../) as part of a filename, the server will save the file where the attacker chooses, potentially allowing an attacker to write any data to any file in the server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.