Vulnerability Description
A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have access to a user account with write privileges. FME Flow 2023.0 is also a fixed version.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Safe | Fme Server | < 2022.2.5 |
Related Weaknesses (CWE)
References
- https://community.safe.com/s/Product
- https://community.safe.com/s/article/Known-Issue-FME-Flow-Directory-Traversal-VuMitigationVendor Advisory
- https://downloads.safe.com/fme/2023/whatsnew_server_2023_0_0_3.txtRelease Notes
- https://community.safe.com/s/Product
- https://community.safe.com/s/article/Known-Issue-FME-Flow-Directory-Traversal-VuMitigationVendor Advisory
- https://downloads.safe.com/fme/2023/whatsnew_server_2023_0_0_3.txtRelease Notes
FAQ
What is CVE-2023-35801?
CVE-2023-35801 is a vulnerability with a CVSS score of 8.1 (HIGH). A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized ...
How severe is CVE-2023-35801?
CVE-2023-35801 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-35801?
Check the references section above for vendor advisories and patch information. Affected products include: Safe Fme Server.