The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files.
References
Link | Resource |
---|---|
https://github.com/transcendent-group/advisories/blob/main/CVE-2022-27192.md | Third Party Advisory |
https://lt.asseco.com/sprendimai/dokumentu-valdymas/dvs-avilys/ | Product Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-23T21:22:38
Updated: 2022-04-06T01:11:06
Reserved: 2022-03-15T00:00:00
Link: CVE-2022-27192
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-23T22:15:13.373
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-27192
JSON object: View
Redhat Information
No data.
CWE