Medium severity6.5NVD Advisory· Published Apr 3, 2022· Updated Jun 17, 2026
CVE-2022-27248
CVE-2022-27248
Description
A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- IdeaRE/RefTreedescription
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/166560/IdeaRE-RefTree-Path-Traversal.htmlnvdThird Party AdvisoryVDB Entry
- www.idearespa.eunvdProduct
News mentions
0No linked articles in our index yet.