CVE-2005-2619

CWE-22Path Traversal3 documents3 sources
Severity
9.3CRITICAL
EPSS
1.0%
top 23.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Lotus Notes
Timeline
PublishedDec 31
Latest updateMay 1

Description

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDibm/lotus_notes11 versions+10

Patches

Patch: secunia.comPatch: secunia.comPatch: securitytracker.com

🔴Vulnerability Details

2
GHSA
GHSA-95h6-22hh-49ff: Directory traversal vulnerability in kvarcve2022-05-01
CVEList
CVE-2005-2619: Directory traversal vulnerability in kvarcve2006-02-15
CVE-2005-2619 (CRITICAL CVSS 9.3) | Directory traversal vulnerability i | cvebase.io