CVE-2014-2575
Published Jun 6, 2014
Last updated 6 years ago
Overview
- Description
- Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-22
Evaluator
- Comment
- Per: http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2 "Affected Products ASPxFileManager Control for WebForms and MVC (v10.2 and higher)"
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DE44CD4-8B78-41DB-BD93-320AACCF04EC",
"versionEndIncluding": "13.1.9"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B481A50-F12D-49C1-993F-BDA9B6469308"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D29EAF0-1BF5-4688-8A61-3F1CEB391EA8"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C1CE9AE-FA74-496D-9322-B0E43C322313"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "126F2377-DB2A-444D-ADA3-FA3FDBCE2F24"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DE2FF8D-3A08-4A63-8C5A-FD008A455950"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B67F786-CC7F-4D1C-8AB6-B31176196C8D"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F10E34D-990E-48CE-A29E-C7BC4A5F274D"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94B8D8A9-8833-4207-AA13-6BF8212EFAF5"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8566F558-15DE-47A9-A1A4-32E1B100F404"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD706CF4-4009-4DED-BE36-2BB2B02B0106"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3204F394-0D37-42C4-9D1E-808B7ED64CB0"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83BA500D-9F1E-44F1-8B5E-C7D91745B482"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E02E5FB-2337-4F73-BFD2-8F04A82B5838"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B30C4624-8C2A-46F6-8FD0-06A297FBBBA9"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2524E3FA-EA15-40F7-B9CD-A11F20F8D2FC"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2408EC5C-38FD-4FAF-9311-ED7DE5068602"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A516EC58-205E-493C-95CF-E394AD9C79BE"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3315814-ACF4-4A9F-BE8D-CCDF48F4C07B"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "312D1205-77DD-4555-821B-AC15AA04D0C2"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "865CF2CB-0C62-4691-B437-A7F0E845E108"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11D46952-D9A8-4AB2-BD88-C7AF334345D6"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA24423E-7B02-4E7D-ADF3-6F2CA3AD3A97"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A145FD1-138D-4AE5-A7F5-1F366C899A36"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1FF9ED2F-71CF-43C4-BADA-21127449BF11"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0B04575E-5EA9-4C11-BF05-CB0325CF5FE8"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B33F742-3C02-4C5E-965C-A548AF1CAD23"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA960FFA-66FD-4241-B030-68E30E2A1EC6"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A866BAEA-10C1-4986-8A53-1601AA35EEC7"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35F04C61-4120-4491-8A52-3462222E6360"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6E1AB2F-0983-4A11-AB33-07A96E8981B0"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "374B69E8-1FAE-42DC-A12B-07108D972596"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C99452E-F48E-4B5E-83FE-8C43D4A1C57B"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F712ED9-0E3E-40B8-84C7-15F6019E7D02"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "044389B4-E88E-4660-AE1D-6B5DCE9BA5F5"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E6A7903-1569-4E88-ACB2-F6F896D7E331"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33A040AF-86AA-4C75-AC19-6C3B9F8033AC"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C8FB2D0-9E36-4807-B11B-E7A14845485A"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8DB83B47-1EEC-4F17-8856-8CF21C9D9B07"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DC32505-5486-4A8F-A1AE-36DAE7BCDF1E"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6867507-D95E-4061-83ED-3EA51D7DA3FA"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E24C61E-9BF0-45BE-8C2F-5FF576C2C4DF"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C007F30-A64F-4542-8C76-E7D343A2C603"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94BF704B-E5F1-41E4-AC99-9D79D85AB0ED"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44AB35BD-B5A7-4A1C-A764-287336B6EEE9"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CF07C99-A211-47BC-AB8B-F63107242EF3"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29EA3426-2223-47A8-8DF9-3616C35194BA"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F633C7F5-B02E-468A-913F-059213222FE4"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCE47FC1-7C86-47AB-89DA-178EAAF78FA5"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "894863DD-5F0A-45EC-A4C5-9B17ED0A24F4"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96808DEB-8CA2-42E8-8B9D-2006BDAEB3FF"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60B11BEE-7A58-4C74-8FFD-4E1BBE687B75"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38AE5721-4F6D-4FC3-BC23-A78572B95692"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "331DE4BF-A200-45FB-930A-63BD6757F290"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64DD6C1A-C293-4D41-A33E-C37001E96139"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0EFBB270-0F21-43C1-9F6A-898B34A7358F"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC6ED3EC-A009-4162-8C81-3DAD2ABF0098"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD25EFB6-9BB7-42B9-97CE-CB38B000224C"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "48D104EE-02E5-45C6-9BF9-C378447B5117"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E9FC164-8240-49D0-87B4-2BA94FF176BD"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53C84B8E-4EB1-460A-A6DA-C49B43481D28"
},
{
"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "691BBC94-1724-4C66-85EB-F939B2A8C4E4"
}
],
"operator": "OR"
}
]
}
]