Vulnerability Details CVE-2022-39833
FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 84.9%
CVSS Severity
CVSS v3 Score 7.2
References
- https://gist.github.com/DylanGrl/4b4e0d53bb7626b2ab3f834ec5a2b23c
- https://www.filecloud.com/supportdocs/fcdoc/latest/server/security-advisories/2022-security-advisories/advisory-2022-10-01-unauthorized-access-and-potential-remote-code-execution
- https://gist.github.com/DylanGrl/4b4e0d53bb7626b2ab3f834ec5a2b23c
- https://www.filecloud.com/supportdocs/fcdoc/latest/server/security-advisories/2022-security-advisories/advisory-2022-10-01-unauthorized-access-and-potential-remote-code-execution
Products affected by CVE-2022-39833
-
cpe:2.3:a:filecloud:filecloud:20.2.0.11915
-
cpe:2.3:a:filecloud:filecloud:20.2.3.12065
-
cpe:2.3:a:filecloud:filecloud:20.3
-
cpe:2.3:a:filecloud:filecloud:20.3.1.13094
-
cpe:2.3:a:filecloud:filecloud:20.3.2.13174
-
cpe:2.3:a:filecloud:filecloud:20.3.3.13230
-
cpe:2.3:a:filecloud:filecloud:21.1
-
cpe:2.3:a:filecloud:filecloud:21.1.0.15081
-
cpe:2.3:a:filecloud:filecloud:21.1.1.15106
-
cpe:2.3:a:filecloud:filecloud:21.2
-
cpe:2.3:a:filecloud:filecloud:21.2.2.17308
-
cpe:2.3:a:filecloud:filecloud:21.2.2.6683
-
cpe:2.3:a:filecloud:filecloud:21.3
-
cpe:2.3:a:filecloud:filecloud:21.3.0.18447
-
cpe:2.3:a:filecloud:filecloud:21.3.1.18456
-
cpe:2.3:a:filecloud:filecloud:21.3.2.7501
-
cpe:2.3:a:filecloud:filecloud:21.3.5.18513