PT-2023-20727 · Syncro Soft · Oxygen XML Web Author, Oxygen Content Fusion
Published: 2023-04-14 · Updated: 2023-04-22
CVE-2023-26559
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Oxygen XML Web Author versions prior to 25.0.0.3 build 2023021715
Oxygen Content Fusion versions prior to 5.0.3 build 2023022015
Description
A directory traversal issue allows an attacker to read files from a WEB-INF directory via a crafted HTTP request.
Recommendations
For Oxygen XML Web Author versions prior to 25.0.0.3 build 2023021715, update to version 25.0.0.3 build 2023021715 or later.
For Oxygen Content Fusion versions prior to 5.0.3 build 2023022015, update to version 5.0.3 build 2023022015 or later.
Fix
Path traversal
Affected Products
Oxygen Content Fusion
Oxygen XML Web Author