Path traversal in RakRak Document Plus
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-49108 |
| CWE-ID | CWE-22 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
RakRak Document Plus Other software / Other software solutions |
| Vendor | Sumitomo Electric Information Systems |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Path traversal
EUVDB-ID: #VU83630
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-49108
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote user on the local network can send a specially crafted HTTP request and read or delete arbitrary files on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsRakRak Document Plus: 3.2.0.0 - 6.4.0.7
CPE2.3- cpe:2.3:a:sumitomo_electric_information_systems:rakrak_document_plus:*:*:*:*:*:*:*:*
- cpe:2.3:a:sumitomo_electric_information_systems:rakrak_document_plus:3.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:sumitomo_electric_information_systems:rakrak_document_plus:6.4.0.7:*:*:*:*:*:*:*
http://jvn.jp/en/jp/JVN46895889/index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
