CVE-2022-27906
MEDIUM
Mendelson OFTP2 < 1.1b43 - Path Traversal via Odette ID
Title source: llm
Description
Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory.
References (2)
Core References
Technical Description, Third Party Advisory x_refsource_misc
https://insinuator.net/2022/03/a-tale-of-an-oftp2-vulnerability/
Release Notes, Vendor Advisory x_refsource_misc
https://mendelson-e-c.com/node/3355
Scores
CVSS v3
5.9
EPSS
0.0104
EPSS Percentile
59.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (1)
mendelson/oftp2
< 1.1b43
Published
Mar 25, 2022
Tracked Since
Feb 18, 2026