Directory Traversal Vulnerability in AWS XMS by Amazon Web Services
CVE-2013-2474

7.5HIGH

Key Information:

Vendor: Aws-dms
Status: Aws Xms
Vendor: CVE Published:; 27 January 2020

What is CVE-2013-2474?

A directory traversal vulnerability exists in AWS XMS 2.5, which allows remote attackers to manipulate the 'what' parameter. By exploiting this vulnerability, attackers can potentially access sensitive files stored on the server, posing serious security risks. It is crucial for administrators to apply patches and implement proper security measures to mitigate the risk associated with this vulnerability.

References

http://www.securityfocus.com/bid/58753

vdb-entryx_refsource_BID

http://www.exploit-db.com/exploits/24906

exploitx_refsource_EXPLOIT-DB

https://exchange.xforce.ibmcloud.com/vulnerabilities/83062

vdb-entryx_refsource_XF

EPSS Score

33% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2020
Vulnerability Reserved
Mar 6, 2013

Aws-dms

What is CVE-2013-2474?

References

EPSS Score

CVSS V3.1

Timeline