CVE-2022-39838

HIGH

Systematic FIX Adapter Firmware 2.4.0.25 - Path Traversal via UNC Share Pathname

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-39838. PoCs published by jet-pentest.

AI-analyzed exploit summary: The repository provides a functional proof-of-concept for CVE-2022-39838, demonstrating remote file inclusion and absolute path traversal in Systematica FIX Adapter (ALFAFX) 2.4.0.25. The PoC includes specific HTTP request examples to exploit the vulnerability.

Description

Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames.

Exploits (1)

nomisec · WORKING POC · 1 star
by jet-pentest · poc
https://github.com/jet-pentest/CVE-2022-39838

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Systematica FIX Adapter (ALFAFX) 2.4.0.25
Authentication: No auth needed
Prerequisites: Network access to the vulnerable server
devstral-2 · analyzed Feb 19, 2026

References (3)

Core References
Product (x_refsource_misc): http://systematicalpha.com/company
Exploit, Third Party Advisory (x_refsource_misc): https://github.com/jet-pentest/CVE-2022-39838
Permissions Required, Vendor Advisory (x_refsource_misc): http://systematicalpha.com/trading-programs/systematic-alpha-fx-master-fund

Scores

CVSS v3: 8.6
EPSS: 0.0151
EPSS Percentile: 71.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

CWE: CWE-22
Status: published
Products (1): systematicalpha/systematic_fix_adapter_firmware 2.4.0.25
Published: Sep 05, 2022
Tracked Since: Feb 18, 2026