High severity8.1NVD Advisory· Published Jun 23, 2023· Updated Jun 17, 2026
CVE-2023-35801
CVE-2023-35801
Description
A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have access to a user account with write privileges. FME Flow 2023.0 is also a fixed version.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Safe Software/FME Serverdescription
- Range: =2023.0
- Range: <2022.2.5
Patches
Vulnerability mechanics
References
3- community.safe.com/s/article/Known-Issue-FME-Flow-Directory-Traversal-VulnerabilitynvdMitigationVendor Advisory
- community.safe.com/s/nvdProduct
- downloads.safe.com/fme/2023/whatsnew_server_2023_0_0_3.txtnvdRelease Notes
News mentions
0No linked articles in our index yet.