PT-2023-25323 · Safe · Fme Flow+1
Published: 2023-06-23 · Updated: 2023-07-05
CVE-2023-35801
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Safe Software FME Server versions prior to 2022.2.5
FME Flow versions prior to 2023.0
Description
A directory traversal issue allows an attacker to bypass validation when editing a network-based resource connection, resulting in unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have access to a user account with write privileges.
Recommendations
For Safe Software FME Server versions prior to 2022.2.5, update to version 2022.2.5 or later to resolve the issue.
For FME Flow versions prior to 2023.0, update to version 2023.0 or later to resolve the issue.
Fix
Path traversal
Affected Products
FME Flow
FME Server