PT-2022-27340 · Unknown · Bspkrs Mcpmappingviewer
Jonathan Leitschuh · Published 2022-12-14 · Updated 2022-12-16 · CVE-2022-4494
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
bspkrs MCPMappingViewer (affected versions not specified)
Description
A critical issue has been found in the extractZip function of the RemoteZipHandler.java file, part of the ZIP File Handler component. This issue leads to path traversal and can be exploited remotely.
Recommendations
To fix this issue, it is recommended to apply a patch. The name of the patch is 6e602746c96b4756c271d080dae7d22ad804a1bd. As a temporary workaround, consider disabling the extractZip function until a patch is available. Restrict access to the ZIP File Handler component to minimize the risk of exploitation.
Fix
Path traversal
Affected Products
Bspkrs Mcpmappingviewer