CWE-37
Path Traversal: '/absolute/pathname/here'
Variant | Draft
Description
The product accepts input in the form of a slash absolute path ('/absolute/pathname/here') without appropriate validation, which can allow an attacker to traverse the file system to unintended locations or access arbitrary files.
CVEs mapped to this weakness (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10498 | | Med | 0.36 | 5.5 | 0.00 | | Sep 24, 2018 | This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this… |
| CVE-2024-12806 | | Med | 0.32 | 4.9 | 0.01 | | Jan 9, 2025 | A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file. |