CVE-2022-34822
published 2022-11-08CVE-2022-34822: Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for…
PriorityP258critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.38%
68.7th percentile
Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nec | expresscluster_x | <= 5.0 | — |
| nec | expresscluster_x_singleserversafe | <= 5.0 | — |
| nec_corporation | clusterpro_x | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
NEC CLUSTERPRO X/EXPRESSCLUSTER X up to 5.0 on Windows path traversal (EUVD-2022-37728)
vuldb·2026-06-14·CVSS 9.8
CVE-2022-34822 [CRITICAL] NEC CLUSTERPRO X/EXPRESSCLUSTER X up to 5.0 on Windows path traversal (EUVD-2022-37728)
A vulnerability classified as critical has been found in NEC CLUSTERPRO X and EXPRESSCLUSTER X up to 5.0 on Windows. This vulnerability affects unknown code. This manipulation causes path traversal.
This vulnerability is registered as CVE-2022-34822. Remote exploitation of the attack is possible. No exploit is available.
GHSA
GHSA-cxx2-36cf-cwrx: Path traversal vulnerability in CLUSTERPRO X 5
ghsa_unreviewed·2022-11-09
CVE-2022-34822 [CRITICAL] CWE-22 GHSA-cxx2-36cf-cwrx: Path traversal vulnerability in CLUSTERPRO X 5
Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-11-08
Published