Vulnerability Description
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user can reference internal system files in requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page, and the server responds with the contents of the requested file. This could allow adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access the source code of the application.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solutions-Atlantic | Regulatory Reporting System | 500 |
References
- https://github.com/TheGetch/CVE-2022-29597 (Exploit, Third Party Advisory)
- https://solutions-atlantic.com/rrs/ (Product)
FAQ
What is CVE-2022-29597?
CVE-2022-29597 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to...
How severe is CVE-2022-29597?
CVE-2022-29597 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-29597?
Check the references section above for vendor advisories and patch information. Affected products include: Solutions-Atlantic Regulatory Reporting System.