CVE-2022-27192

The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
assecodvs_avilys
𝑥
< 3.5.58
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/transcendent-group/advisories/blob/main/CVE-2022-27192.md
https://lt.asseco.com/sprendimai/dokumentu-valdymas/dvs-avilys/
https://github.com/transcendent-group/advisories/blob/main/CVE-2022-27192.md
https://lt.asseco.com/sprendimai/dokumentu-valdymas/dvs-avilys/