← Back

CVE-2022-3969

nvd nist
Published: Nov 13, 2022Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this issue. The name of the patch is c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548.

Affected (1)

Products: Openkm: Openkm
Openkm
1 product
Openkm
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Openkm
Before 6.3.12

Related CWEs

CWE-377
Insecure Temporary File
Creating and using insecure temporary files can leave application and system data vulnerable to attack.

References (8)

Source: cna@vuldb.com
PatchThird Party Advisory
Source: cna@vuldb.com
ExploitPatchThird Party Advisory
Source: cna@vuldb.com
Release NotesThird Party Advisory
Source: cna@vuldb.com
Permissions RequiredThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredThird Party Advisory

Timeline

No history available yet.