PT-2022-22377 · Unknown · Clusterpro X+3

Published: 2022-11-08 · Updated: 2022-11-09 · CVE-2022-34825

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CLUSTERPRO X versions 5.0 and earlier
EXPRESSCLUSTER X versions 5.0 and earlier
CLUSTERPRO X SingleServerSafe versions 5.0 and earlier
EXPRESSCLUSTER X SingleServerSafe versions 5.0 and earlier

Description

The issue allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. This is due to an uncontrolled search path element in the affected software.

Recommendations

For CLUSTERPRO X versions 5.0 and earlier, update to a version that addresses the uncontrolled search path element issue.
For EXPRESSCLUSTER X versions 5.0 and earlier, update to a version that addresses the uncontrolled search path element issue.
For CLUSTERPRO X SingleServerSafe versions 5.0 and earlier, update to a version that addresses the uncontrolled search path element issue.
For EXPRESSCLUSTER X SingleServerSafe versions 5.0 and earlier, update to a version that addresses the uncontrolled search path element issue.

Fix

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

CVE-2022-34825

Affected Products

Clusterpro X
Clusterpro X Singleserversafe
Expresscluster X
Expresscluster X Singleserversafe