Details of VAR-190001-1057

ID

VAR-190001-1057

TITLE

Cloupia FlexPod Management and Automation Directory Traversal Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2012-0163

DESCRIPTION

Cloupia provides end-to-end FlexPod configuration, management, and automation solutions. Cloupia End-To-End FlexPod management has a directory traversal vulnerability, jQuery File Tree is a configurable Ajax file browser jQuery plugin. Unauthenticated access to this module allows a remote attacker to browse the entire file system on the host server. FlexPod Management & Automation is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to read arbitrary files outside of the server root directory. This may aid in further attacks

Trust: 0.99

sources: CNVD: CNVD-2012-0163 // BID: 51419 // IVD: 0ce5643e-1f78-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:	['IoT', 'ICS']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 0ce5643e-1f78-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0163

AFFECTED PRODUCTS

vendor:	cloupia	model:	flexpod management and automation	scope:	eq	version:	0	Trust: 0.8
vendor:	cloupia	model:	flexpod management & automation	scope:	eq	version:	0	Trust: 0.3

sources: IVD: 0ce5643e-1f78-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0163 // BID: 51419

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD:	0ce5643e-1f78-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

IVD:	0ce5643e-1f78-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2

sources: IVD: 0ce5643e-1f78-11e6-abef-000c29c66e3d

THREAT TYPE

remote ※ local

Trust: 0.6

sources: CNNVD: CNNVD-201201-184

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 51419

EXTERNAL IDS

db:	BID	id:	51419	Trust: 1.5
db:	CNVD	id:	CNVD-2012-0163	Trust: 0.8
db:	PACKETSTORM	id:	108682	Trust: 0.6
db:	CNNVD	id:	CNNVD-201201-184	Trust: 0.6
db:	IVD	id:	0CE5643E-1F78-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 0ce5643e-1f78-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0163 // BID: 51419 // CNNVD: CNNVD-201201-184

REFERENCES

url:	http://packetstormsecurity.org/files/108682/kustodian-2011-011.txt	Trust: 0.6
url:	http://www.securityfocus.com/bid/51419	Trust: 0.6
url:	http://www.cloupia.com/en/flexpod-management-and-automation.htm	Trust: 0.3

sources: CNVD: CNVD-2012-0163 // BID: 51419 // CNNVD: CNNVD-201201-184

CREDITS

Chris Rock

Trust: 0.9

sources: BID: 51419 // CNNVD: CNNVD-201201-184

SOURCES

db:	IVD	id:	0ce5643e-1f78-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-0163
db:	BID	id:	51419
db:	CNNVD	id:	CNNVD-201201-184

LAST UPDATE DATE

2022-05-17T02:07:53.746000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-0163	date:	2012-01-18T00:00:00
db:	BID	id:	51419	date:	2012-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201201-184	date:	2012-01-18T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	0ce5643e-1f78-11e6-abef-000c29c66e3d	date:	2012-01-18T00:00:00
db:	CNVD	id:	CNVD-2012-0163	date:	2012-01-18T00:00:00
db:	BID	id:	51419	date:	2012-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201201-184	date:	1900-01-01T00:00:00