PT-2022-22146 · Wms · Wms

Published 2022-08-10 · Updated 2022-08-13 · CVE-2022-34365

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

WMS version 3.7

Description

An attacker could potentially exploit a path traversal vulnerability in the Device API to gain unauthorized read access to files stored on the server filesystem, with the privileges of the running web application.

Recommendations

For WMS version 3.7, consider restricting access to the Device API until a patch is available. As a temporary workaround, limit the privileges of the running web application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-34365

Affected Products

Wms