PT-2022-18681 · Mendelson · Mendelson Oftp2

Thomas Smits · Published 2022-03-25 · Updated 2022-04-01 · CVE-2022-27906

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions
Mendelson OFTP2 versions prior to 1.1 b43

Description
The issue allows an attacker to perform a directory traversal attack. To exploit this, the attacker must be aware of one of the configured Odette IDs of the OFTP2 server. This enables the attacker to upload files to the server in locations outside of the intended upload directory.

Recommendations
For Mendelson OFTP2 versions prior to 1.1 b43, update to version 1.1 b43 or later to resolve the issue. As a temporary workaround, consider restricting access to the configured Odette IDs to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-27906

Affected Products

Mendelson Oftp2