CVE-2012-2293

Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:rsa_archer_smartsuite:4.3:::::::*
	cpe:2.3:a:emc:rsa_archer_smartsuite:4.5:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:emc:rsa_archer_egrc:5.0:::::::*
	cpe:2.3:a:emc:rsa_archer_egrc:5.1:::::::*
	cpe:2.3:a:emc:rsa_archer_egrc:5.2:::::::*

History

No history.

Information

Published : 2013-02-06 12:05

Updated : 2024-02-04 18:16

NVD link : CVE-2012-2293

Mitre link : CVE-2012-2293

CVE.ORG link : CVE-2012-2293

JSON object : View

Products Affected

emc

rsa_archer_egrc
rsa_archer_smartsuite

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2012-2293", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-02-06T12:05:42.223", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html", "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en EMC RSA Archer SmartSuite Framework v4.x y RSA Archer GRC v5.x antes de v5.2SP1 permite a usuarios remotos autenticados subir archivos, y por lo tanto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una ruta relativa."}], "lastModified": "2013-02-07T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29D3D26F-51B6-4FF1-86AD-5C5B72957134"}, {"criteria": "cpe:2.3:a:emc:rsa_archer_smartsuite:4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EEA2EBB-DF3A-483A-91B9-BB713F235B1D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55A8BB4B-1142-4A18-A568-4F95ED342A09"}, {"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39CB1DFE-D0B3-4220-9785-F32BC729BD48"}, {"criteria": "cpe:2.3:a:emc:rsa_archer_egrc:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6EFEF14-3B3F-4622-8D43-8EDC1D7A5709"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}