CVE-2023-4748

Name of the Vulnerable Software and Affected Versions Yongyou UFIDA-NC versions up to 20230807

Description A critical issue has been found in the processing of the file PrintTemplateFileServlet.java, where the manipulation of the filePath argument leads to path traversal. This issue can be initiated remotely.

Recommendations For versions up to 20230807, as a temporary workaround, consider restricting access to the PrintTemplateFileServlet.java file to minimize the risk of exploitation. Avoid using the filePath argument in the affected processing until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.