CVE-2022-3969

MEDIUM Year: 2022
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-377
View all →

Vulnerability Description

A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this issue. The name of the patch is c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548.

Related Vulnerabilities

CVE-2016-9595

MEDIUM
CVSS:5.5(Medium)

A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them ...

CWE-3772016

CVE-2017-15111

MEDIUM
CVSS:5.5(Medium)

keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.

CWE-3772017

CVE-2017-7560

MEDIUM
CVSS:5.5(Medium)

It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes.

CWE-3772017

CVE-2018-17955

MEDIUM
CVSS:5.5(Medium)

In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection

CWE-3772018

CVE-2018-19637

MEDIUM
CVSS:5.5(Medium)

Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection

CWE-3772018

CVE-2018-19640

MEDIUM
CVSS:5.5(Medium)

If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local mach...

CWE-3772018