CVE-2022-45184
HIGHPowerShell Universal 3.0.0-3.4.6 - Authenticated Path Traversal via Web Server Endpoints
Title source: llmDescription
The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7.
References (3)
Core 3
Core References
Vendor Advisory
https://blog.ironmansoftware.com/psu-2022-11-cve/
Release Notes, Vendor Advisory
https://docs.powershelluniversal.com/changelog
Vendor Advisory
https://ironmansoftware.com
Scores
CVSS v3
7.2
EPSS
0.0191
EPSS Percentile
77.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
ironmansoftware/powershell_universal
3.0.0 - 3.4.7
Published
Nov 14, 2022
Tracked Since
Feb 18, 2026