CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Sep 15, 2022

CVE-2022-26352

High

EPSS 94.3%CISA KEVRansomware

Description

dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.

EPSS — Exploit Probability

94.3%

Higher than 100.0% of all CVEs

Required Action

https://www.dotcms.com/security/SI-62; https://nvd.nist.gov/vuln/detail/CVE-2022-26352

Risk Assessment

CRITICAL

In CISA KEV

High EPSS

Ransomware

Details

Severity: High
EPSS: 94.3%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

Aug 25, 2022

Added to KEV

Aug 25, 2022

Remediation Due

Sep 15, 2022

Affected Product

dotCMS

View all dotCMS CVEs

External Links

NVD (NIST)CVE Details MITRE CVE