CVE-2017-9367 — Path Traversal in Workspaces Appliance-x

CWE-22 — Path Traversal3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.6%

top 29.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Blackberry Workspaces Appliance-x Blackberry Workspaces Server Blackberry Workspaces Vapp

Timeline

PublishedOct 16

Latest updateMay 17

Description

A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5blackberry/workspaces_serverBlackBerry Workspaces Server components Appliance-X 1.11.0 to 1.11.2, vApp versions 5.6.0 to 5.6.6, and vApp versions 5.5.9 and earlier

▶NVDblackberry/workspaces_appliance-x1.11.2

▶NVDblackberry/workspaces_vapp17 versions+16

🔴Vulnerability Details

GHSA

GHSA-r9vh-jcrf-44r6: A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or r↗2022-05-17

▶

CVEList

CVE-2017-9367: A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or r↗2017-10-16

▶