04 Oct 2023
Vulnérabilité CVE-2023-3701 CVE Vulnerability
Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform. (CVSS:9.9) (Last Update:2023-10-04 11:15:10)
Vulnerability Details :
Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform.
Vulnerability category:Directory traversal
Published 2023-10-04 11:15:10
Updated 2023-10-04 11:15:10
Exploit prediction scoring system (EPSS) score for CVE-2023-3701
We don't have an EPSS score for this CVE yet EPSS FAQ
CVSS scores for CVE-2023-3701
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 3.1 | 6.0 | [email protected] |
CWE ids for CVE-2023-3701
- The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.Assigned by: [email protected] (Secondary)