← volver
CVE-2022-32287

Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives

CVSS 7.5 HIGHEPSS 1.6%CWE-22
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.5EPSS 1.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
03 nov 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →