CVE-2022-27192
HIGHDVS Avilys < 3.5.58 - Unauthenticated Sensitive Information Exposure via Reporting Module
Title source: llmDescription
The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files.
References (2)
Core 2
Core References
Product, Vendor Advisory x_refsource_misc
https://lt.asseco.com/sprendimai/dokumentu-valdymas/dvs-avilys/
Third Party Advisory x_refsource_misc
https://github.com/transcendent-group/advisories/blob/main/CVE-2022-27192.md
Scores
CVSS v3
7.5
EPSS
0.0110
EPSS Percentile
61.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (1)
asseco/dvs_avilys
< 3.5.58
Published
Mar 23, 2022
Tracked Since
Feb 18, 2026