CVE-2022-27192
HIGHAsseco Dvs Avilys < 3.5.58 - Log Information Exposure
Title source: ruleDescription
The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files.
References (2)
Core 2
Core References
Product, Vendor Advisory x_refsource_misc
https://lt.asseco.com/sprendimai/dokumentu-valdymas/dvs-avilys/
Third Party Advisory x_refsource_misc
https://github.com/transcendent-group/advisories/blob/main/CVE-2022-27192.md
Scores
CVSS v3
7.5
EPSS
0.0096
EPSS Percentile
76.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (1)
asseco/dvs_avilys
< 3.5.58
Published
Mar 23, 2022
Tracked Since
Feb 18, 2026