CVE-2020-15858

CVSS v3 Score: 6.4 (Medium)
CVSS v2 Score: 3.6 (Low)

Vulnerability Description

Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06; EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04; ELS61 up to and including SW RN 02.002 / ARN 01.000.04; ELS81 up to and including SW RN 05.002 / ARN 01.000.04; PLS62 up to and including SW RN 02.000 / ARN 01.000.04.

CVSS: 6.4 (Medium)

Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.

CWE-22 2015
CVSS: 6.4 (Medium)

IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "...

CWE-22 2021
CVSS: 6.4 (Medium)

Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file inclu...

CWE-22 2024
CVSS: 6.4 (Medium)

In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.

CWE-22 2025
CVSS: 6.5 (Medium)

Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (...

CWE-22 2009