CVE-2022-23854

High

AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated…

icscert·CWE-23·Published 2022-12-23

CVSS

7.5

EPSS

0.46

KEV

Exploits

cve.orgen

230 chars

AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.

NVDen

230 chars

NVDes

259 chars

AVEVA InTouch Access Anywhere versiones 2020 R2 y anteriores son vulnerables a una explotación de path traversal que podría permitir a un usuario no autenticado con acceso a la red leer archivos en el sistema fuera del servidor web de puerta de enlace segura.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N