An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1492 | Exploit Third Party Advisory |
Configurations
Information
Published : 2022-05-25 14:15
Updated : 2022-06-07 08:14
NVD link : CVE-2022-26067
Mitre link : CVE-2022-26067
JSON object : View
CWE
CWE-306
Missing Authentication for Critical Function
Products Affected
openautomationsoftware
- oas_platform