How severe is CVE-2022-44749?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2022-44749?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2022-44749 - HIGH Severity | CVSS 7

Vulnerability Description

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being opened by a user, can overwrite arbitrary files that the user has write access to. It's not necessary to execute the workflow, opening the workflow is sufficient. The user will notice that something is wrong because an error is being reported but only after the files have already been written. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the user. In all cases the attacker has to know the location of files on the user's system, though.

Related Vulnerabilities

CVE-2016-9351

HIGH

CVSS:7.0(High)

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.

CWE-222016

CVE-2017-5899

HIGH

CVSS:7.0(High)

Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a ....

CWE-222017

CVE-2017-9067

HIGH

CVSS:7.0(High)

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/in...

CWE-222017

CVE-2018-10501

HIGH

CVSS:7.0(High)

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. An attacker must first obtain the ability to execute low-privi...

CWE-222018

CVE-2023-38176

HIGH

CVSS:7.0(High)

Azure Arc-Enabled Servers Elevation of Privilege Vulnerability

CWE-222023

CVE-2016-10330

HIGH

CVSS:7.1(High)

Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.

CWE-222016