--------------------------------------------------------------- > [Vulnerability Type]
>> Directory Traversal --------------------------------------------------------------- > [Additional Information] >> Advisory ID: RCS20210707-0 Product: Artica Proxy VMWare >> Appliance Vendor/Manufacturer: ArticaTech >> (https://www.articatech.com) Affected Version(s): >> 4.30.000000 <={SP273] Tested Version(s): 4.30.000000 >> {SP273] Vulnerability Type: Relative path traversal >> {CWE-23], Improper Limitation of a Pathname to a restricted >> Directory {CWE-22], {CWE 35], {CWE 36], {CAPEC-126] CVSS >> v3.1 Risk Level: High CVSS v3.1 Risk Score: 8.1 CVSS v3.1 >> Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS >> v3.0 Risk Level: High CVSS v3.0 Risk Score: 8.1 CVSS v3.0 >> Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS >> v2.0 Risk Level: High CVSS v2.0 Base Score: 7.8 CVSS v2.0 >> Temporal Score: 6.1 CVSS v2.0 Vector: >> CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N CVSS v2.0 Temporal Vector: >> CVSS2#E:POC/RL:OF/RC:C Solution Status: Fixed in Version >> 4.30.000000 {SP273] Manufacturer Notification: 5th July >> 2021 Solution Date: 9th August 2021 Public Disclosure: >> 26.08.2021 CVE Reference: Author of Advisory: Heiko >> Feldhusen, Rheinmetall Cyber Solutions GmbH --------------------------------------------------------------- > [Affected Component] >> Web-Filtering Page --------------------------------------------------------------- > [Attack Type] >> Remote --------------------------------------------------------------- > [Impact Information Disclosure] >> true --------------------------------------------------------------- > [Attack Vectors] >> simply using the url of the product within a >> standard-browser --------------------------------------------------------------- > [Has vendor confirmed] >> true --------------------------------------------------------------- > [Discoverer] >> Heiko Feldhusen, Rheinmetall-Cyber-Solutions --------------------------------------------------------------- > [Reference] >> https://seclists.org/fulldisclosure/2021/Sep/6<%20https:/seclists.org/fulldisclosure/2021/Sep/6> >> http://articatech.net/service-packs-unstable-new.php?patch=273&main=4.30.000000<%20http:/articatech.net/service-packs-unstable-new.php?patch=273&main=4.30.000000> --------------------------------------------------------------- > [Vendor of Product] >> Artica Tech --------------------------------------------------------------- > [Affected Product Code Base] >> affected Versions: Artica Proxy VMWare Appliance >> 4.30.000000 <={SP273] fixed Artica Proxy VMWare Appliance >> 4.30.000000 >{SP273] --------------------------------------------------------------- Directory Traversal vulnerability in Artica Proxy VMWare Appliance 4.30.000000 <=[SP273]. This vulnerability exists in the used cgi function, which is a built in part of the proxy. Directory traversal vulnerability in Arctica Proxy 4.30.000000 from SP206 to SP255, via the filename parameter to /cgi-bin/main.cgi. Mit freundlichen Grüßen / Yours Sincerely Heiko Feldhusen ISOC Engineer Engineering Rheinmetall Cyber Solutions GmbH Mary-Somerville-Str. 14 · 28359 Bremen · Germany Tel. / Phone +49 (0) 421 8070 1025<tel:+4942180701025> [email protected]<mailto:[email protected]> www.rheinmetall-cyber.solutions Think before you print! [cid:[email protected]] Rheinmetall Cyber Solutions GmbH Mary-Somerville-Str. 14, 28359 Bremen, Germany Sitz der Gesellschaft: Bremen Amtsgericht Bremen HRB 35895 Geschäftsführung/Executive Board: Moritz Pichler, Jendrik Kreisel This email may contain confidential information. If you are not the intended addressee, or if the information provided in this email including any attachments) is evidently not destined for you, kindly inform us promptly and delete the message received in error (including any attachments) by erasing it from all your computers and other storage devices or media and destroying any hard copies thereof. Any unauthorized processing, forwarding, disclosure, distribution, divulgation, storage, printout or other use of this message or its attachment is prohibited. If your system is infected or otherwise bugged by any virus that is carried by this email, we disclaim any liability whatsoever for the ensuing loss or damage unless caused by our intention or gross negligence.
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
