CVE-2022-45269
published 2022-12-12

CVE-2022-45269: A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files.

Priority: P3 54, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 3.09% (86.1th percentile)

Affected

1 range
Vendor | Product | Version range | Fixed in
gmaolinx | linx_sphere | |

Detection & IOCs

url: /../../../../../../../../../../../../windows/iis.log
path: /windows/iis.log
ua: SCS.Web.Server.SPI/1.0
  • HTTP GET requests containing deep path traversal sequences (../../../../../../../../../../../../) targeting windows/iis.log are indicative of CVE-2022-45269 exploitation attempts against Linx Sphere.
  • Responses containing the string 'Component Based Setup' in the body following a traversal request confirm successful exploitation.
  • Identify vulnerable Linx Sphere instances by fingerprinting the server header/banner 'SCS.Web.Server.SPI/1.0' (FOFA query: "SCS.Web.Server.SPI/1.0").
  • The vulnerability is unauthenticated (PR:N, UI:N) and network-accessible (AV:N), meaning no credentials are required to exploit it remotely.
  • Affected version is specifically Linx Sphere LINX 7.35.ST15; detections should be scoped to this CPE.
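
The detection notes above can be combined into one triage check over HTTP transaction records. This is an added example, not code from this page or from the vendor. It assumes each record is a dict with the hypothetical fields `src`, `method`, `target`, `server`, `status` and `body`; the `MIN_DEPTH` threshold and the percent-decoding and backslash normalization are also assumptions that go beyond the literal URL indicator.

```python
import re
from urllib.parse import unquote

BANNER = "SCS.Web.Server.SPI/1.0"   # server banner named on this page
TARGET = "windows/iis.log"          # file path named on this page
MARKER = "Component Based Setup"    # response string named on this page
MIN_DEPTH = 3                       # assumption: how many ../ count as "deep"

def normalize(path: str) -> str:
    """Undo up to three layers of percent-encoding, unify slashes, lowercase."""
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()

def classify(event: dict) -> str:
    """Return 'none', 'attempt' or 'confirmed' for one HTTP transaction."""
    # Scope to the affected product: the response must carry the banner.
    if event.get("method") != "GET" or BANNER not in event.get("server", ""):
        return "none"
    path = normalize(event.get("target", "").split("?", 1)[0])
    depth = len(re.findall(r"(?:^|/)\.\.(?=/)", path))
    if depth < MIN_DEPTH or not path.endswith("/" + TARGET):
        return "none"
    if event.get("status") == 200 and MARKER in event.get("body", ""):
        return "confirmed"
    return "attempt"

def triage(events: list) -> list:
    """Keep only suspicious transactions as (source, verdict) pairs."""
    verdicts = ((e.get("src", "?"), classify(e)) for e in events)
    return [(src, v) for src, v in verdicts if v != "none"]

TRAVERSAL = "/" + "../" * 12 + TARGET   # same shape as the URL indicator above
# Constructed sample records (documentation addresses), not real traffic.
EVENTS = [
    {"src": "192.0.2.10", "method": "GET", "target": "/index.html",
     "server": BANNER, "status": 200, "body": "<html>ok</html>"},
    {"src": "192.0.2.11", "method": "GET", "target": TRAVERSAL,
     "server": BANNER, "status": 200, "body": "#Component Based Setup log"},
    {"src": "192.0.2.12", "method": "GET", "target": "/%2e%2e/%2e%2e/%2e%2e/Windows/iis.log",
     "server": BANNER, "status": 404, "body": ""},
    {"src": "192.0.2.13", "method": "GET", "target": TRAVERSAL,
     "server": "nginx", "status": 404, "body": ""},
]

if __name__ == "__main__":
    print(triage(EVENTS))
```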