PT-2022-19717 · Solutions Atlantic · Solutions Atlantic Regulatory Reporting System

Eric Getchell +1 · Published 2022-06-02 · Updated 2022-06-12 · CVE-2022-29597

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Solutions Atlantic Regulatory Reporting System (RRS) version v500

Description

The issue allows any authenticated user to reference internal system files within requests made to the "RRSWeb/maint/ShowDocument/ShowDocument.aspx" page. The server responds with the file contents of the internal system file requested, potentially enabling adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access source code of the application.

Recommendations

As a temporary workaround, consider restricting access to the "RRSWeb/maint/ShowDocument/ShowDocument.aspx" page until a patch is available. Additionally, limiting the ability of authenticated users to reference internal system files can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-29597

Affected Products

Solutions Atlantic Regulatory Reporting System