CVE-2023-28382

Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1
References
Link Resource
https://customer.et-x.jp/app/answers/detail/a_id/2260 Permissions Required
https://jvn.jp/en/jp/JVN19243534/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:et-x:ess_rec:*:*:*:*:server:linux:*:*
cpe:2.3:a:et-x:ess_rec:*:*:*:*:server:hp-ux:*:*
cpe:2.3:a:et-x:ess_rec:*:*:*:*:server:solaris:*:*
cpe:2.3:a:et-x:ess_rec:*:*:*:*:server:aix:*:*

History

01 Jun 2023, 19:20

Type Values Removed Values Added
References (MISC) https://customer.et-x.jp/app/answers/detail/a_id/2260 - (MISC) https://customer.et-x.jp/app/answers/detail/a_id/2260 - Permissions Required
References (MISC) https://jvn.jp/en/jp/JVN19243534/ - (MISC) https://jvn.jp/en/jp/JVN19243534/ - Third Party Advisory
CWE CWE-22
First Time Et-x
Et-x ess Rec
CPE cpe:2.3:a:et-x:ess_rec:*:*:*:*:server:solaris:*:*
cpe:2.3:a:et-x:ess_rec:*:*:*:*:server:aix:*:*
cpe:2.3:a:et-x:ess_rec:*:*:*:*:server:linux:*:*
cpe:2.3:a:et-x:ess_rec:*:*:*:*:server:hp-ux:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.1

26 May 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-26 09:15

Updated : 2023-12-10 15:01


NVD link : CVE-2023-28382

Mitre link : CVE-2023-28382

CVE.ORG link : CVE-2023-28382


JSON object : View

Products Affected

et-x

  • ess_rec
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')