PT-2023-7879 · Unknown · Itpison Omicard Edm

Vtim · Published 2023-12-14 · Updated 2023-12-22 · CVE-2023-48373

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ITPison OMICARD EDM (affected versions not specified)

Description

A specific function is affected by a path traversal vulnerability in its FileName parameter. An unauthenticated remote attacker can exploit it to bypass authentication and download arbitrary system files. The vulnerability stems from improper limitation of a pathname to a restricted directory when the FileName parameter is processed.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the vulnerable function that processes the FileName parameter to minimize the risk of exploitation. Avoid using the FileName parameter in the affected function until the issue is resolved.

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-08950
CVE-2023-48373

Affected Products

Itpison Omicard Edm