CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-27248

A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.2%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

http://packetstormsecurity.com/files/166560/IdeaRE-RefTree-Path-Traversal.html
https://www.idearespa.eu
http://packetstormsecurity.com/files/166560/IdeaRE-RefTree-Path-Traversal.html
https://www.idearespa.eu

Products affected by CVE-2022-27248

Idearespa » Reftree » Version: Any

cpe:2.3:a:idearespa:reftree:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-27248

Products

Pricing

Contact Us