Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as “/abs/path” that can resolve to a location that is outside of that directory.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Data_management_server_firmware | Samsung | 2.0.0 (including) | 2.3.13.1 (excluding) |
Data_management_server_firmware | Samsung | 2.5.0.17 (including) | 2.6.14.1 (excluding) |
Data_management_server_firmware | Samsung | 2.7.0.15 (including) | 2.9.3.6 (excluding) |