Directory Traversal Vulnerability in dotCMS Core by dotCMS
CVE-2022-45783

6.5MEDIUM

Key Information:

Vendor: Dotcms
Status: Dotcms
Vendor: CVE Published:; 1 February 2023

What is CVE-2022-45783?

An authenticated directory traversal vulnerability has been identified in the dotCMS core API, affecting versions 4.x through 22.10.2. This vulnerability could allow unauthorized users to access restricted file directories and execute remote code, posing a significant security risk to the affected installations. Users are advised to review their configurations and apply the necessary security updates to mitigate this risk.

References

https://www.dotcms.com/security/SI-67

EPSS Score

18% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2023
Vulnerability Reserved
Nov 22, 2022

JSON

Dotcms

What is CVE-2022-45783?

References

EPSS Score

CVSS V3.1

Timeline