CVE-2023-28382

HIGH

ESS REC Agent Server Edition < 1.4.3 - Authenticated Path Traversal

Description

Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1.

References (2)

Core References
Third Party Advisory
https://jvn.jp/en/jp/JVN19243534/

Scores

CVSS v3 8.1
EPSS 0.0091
EPSS Percentile 55.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-22
Status published
Products (3)
et-x/ess_rec 1.0.0 - 1.4.3
et-x/ess_rec 1.1.0 - 1.4.0 (2 CPE variants)
et-x/ess_rec 1.2.0 - 1.4.1
Published May 26, 2023
Tracked Since Feb 18, 2026