CVE-2023-35801

high

Description

A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have access to a user account with write privileges. FME Flow 2023.0 is also a fixed version.

References

https://downloads.safe.com/fme/2023/whatsnew_server_2023_0_0_3.txt

https://community.safe.com/s/article/Known-Issue-FME-Flow-Directory-Traversal-Vulnerability

https://community.safe.com/s/

Details

Source: Mitre, NVD

Published: 2023-06-23

Updated: 2023-07-05

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High