PT-2022-22374 · Unknown · Clusterpro X+3

Published: 2022-11-08 · Updated: 2022-11-09 · CVE-2022-34822

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CLUSTERPRO X versions 5.0 and earlier
EXPRESSCLUSTER X versions 5.0 and earlier
CLUSTERPRO X SingleServerSafe versions 5.0 and earlier
EXPRESSCLUSTER X SingleServerSafe versions 5.0 and earlier

Description

A path traversal vulnerability allows a remote unauthenticated attacker to overwrite existing files on the file system and potentially execute arbitrary code.

Recommendations

For CLUSTERPRO X versions 5.0 and earlier, update to a version later than 5.0 to resolve the issue.
For EXPRESSCLUSTER X versions 5.0 and earlier, update to a version later than 5.0 to resolve the issue.
For CLUSTERPRO X SingleServerSafe versions 5.0 and earlier, update to a version later than 5.0 to resolve the issue.
For EXPRESSCLUSTER X SingleServerSafe versions 5.0 and earlier, update to a version later than 5.0 to resolve the issue.

As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-34822

Affected Products

Clusterpro X
Clusterpro X Singleserversafe
Expresscluster X
Expresscluster X Singleserversafe