CVE-2022-43514

Name of the Vulnerable Software and Affected Versions Automation License Manager V5 (All versions) Automation License Manager V6 (All versions prior to V6.0 SP9 Upd4) TeleControl Server Basic V3 (All versions prior to V3.1.2)

Description The issue is related to a path traversal vulnerability. It may allow a remote attacker to execute arbitrary code. The affected component does not correctly validate the root path on folder-related operations, allowing modification of files and folders outside the intended root directory. This could enable an unauthenticated remote attacker to execute file operations on files outside of the specified root folder.

Recommendations For Automation License Manager V5, update to a version that includes the necessary security fixes. For Automation License Manager V6, update to V6.0 SP9 Upd4 or later. For TeleControl Server Basic V3, update to V3.1.2 or later.