CVE-2023-0745

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-23
View all →

Vulnerability Description

The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0

Related Vulnerabilities

CVE-2017-9664

CRITICAL
CVSS:9.8(Critical)

In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy ...

CWE-232017

CVE-2019-17640

CRITICAL
CVSS:9.8(Critical)

In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctl...

CWE-232019

CVE-2020-10631

CRITICAL
CVSS:9.8(Critical)

An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

CWE-232020

CVE-2020-12006

CRITICAL
CVSS:9.8(Critical)

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’...

CWE-232020

CVE-2020-25172

CRITICAL
CVSS:9.8(Critical)

A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files.

CWE-232020

CVE-2020-25176

CRITICAL
CVSS:9.8(Critical)

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the...

CWE-232020