IGSS Vulnerability: Remote File Read via Improper Pathname Limitation

IGSS Vulnerability: Remote File Read via Improper Pathname Limitation

CVE-2020-7478 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled.

Learn more about our Cis Benchmark Audit For Server Software.