ID

VAR-190001-1057


TITLE

Cloupia FlexPod Management and Automation Directory Traversal Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2012-0163

DESCRIPTION

Cloupia provides end-to-end FlexPod configuration, management, and automation solutions. Cloupia End-To-End FlexPod management has a directory traversal vulnerability, jQuery File Tree is a configurable Ajax file browser jQuery plugin. Unauthenticated access to this module allows a remote attacker to browse the entire file system on the host server. FlexPod Management & Automation is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to read arbitrary files outside of the server root directory. This may aid in further attacks

Trust: 0.99

sources: CNVD: CNVD-2012-0163 // BID: 51419 // IVD: 0ce5643e-1f78-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['IoT', 'ICS']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 0ce5643e-1f78-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0163

AFFECTED PRODUCTS

vendor:cloupiamodel:flexpod management and automationscope:eqversion:0

Trust: 0.8

vendor:cloupiamodel:flexpod management & automationscope:eqversion:0

Trust: 0.3

sources: IVD: 0ce5643e-1f78-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0163 // BID: 51419

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 0ce5643e-1f78-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 0ce5643e-1f78-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: 0ce5643e-1f78-11e6-abef-000c29c66e3d

THREAT TYPE

remote ※ local

Trust: 0.6

sources: CNNVD: CNNVD-201201-184

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 51419

EXTERNAL IDS

db:BIDid:51419

Trust: 1.5

db:CNVDid:CNVD-2012-0163

Trust: 0.8

db:PACKETSTORMid:108682

Trust: 0.6

db:CNNVDid:CNNVD-201201-184

Trust: 0.6

db:IVDid:0CE5643E-1F78-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 0ce5643e-1f78-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0163 // BID: 51419 // CNNVD: CNNVD-201201-184

REFERENCES

url:http://packetstormsecurity.org/files/108682/kustodian-2011-011.txt

Trust: 0.6

url:http://www.securityfocus.com/bid/51419

Trust: 0.6

url:http://www.cloupia.com/en/flexpod-management-and-automation.htm

Trust: 0.3

sources: CNVD: CNVD-2012-0163 // BID: 51419 // CNNVD: CNNVD-201201-184

CREDITS

Chris Rock

Trust: 0.9

sources: BID: 51419 // CNNVD: CNNVD-201201-184

SOURCES

db:IVDid:0ce5643e-1f78-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0163
db:BIDid:51419
db:CNNVDid:CNNVD-201201-184

LAST UPDATE DATE

2022-05-17T02:07:53.746000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0163date:2012-01-18T00:00:00
db:BIDid:51419date:2012-01-15T00:00:00
db:CNNVDid:CNNVD-201201-184date:2012-01-18T00:00:00

SOURCES RELEASE DATE

db:IVDid:0ce5643e-1f78-11e6-abef-000c29c66e3ddate:2012-01-18T00:00:00
db:CNVDid:CNVD-2012-0163date:2012-01-18T00:00:00
db:BIDid:51419date:2012-01-15T00:00:00
db:CNNVDid:CNNVD-201201-184date:1900-01-01T00:00:00