Description
spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd.
Related CPE's
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
References
https://support.spinetix.com/wiki/DSOS_release_notes
Release NotesVendor Advisory
https://support.spinetix.com/wiki/SpinetiX-SA-20:01
Release NotesVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-03-24T17:15:13.243
4 years agoLast modified
2021-03-26T21:17:51.307
4 years ago