CVE-2022-29932

Published: May 11, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request.

Affected (1)

Products: Primeur: Spazio

Primeur

1 product

Spazio

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Primeur Spazio	Version 2.5.1.954

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (4)

https://github.com/Off3nS3c/CVE-2022-29932/blob/main/Proof-of-Concept.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.primeur.com/managed-file-transfer

Source: cve@mitre.org

Vendor Advisory

https://github.com/Off3nS3c/CVE-2022-29932/blob/main/Proof-of-Concept.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.primeur.com/managed-file-transfer

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.