Arbitrary File Deletion Vulnerability in Yamcs API Storage Functionality

Arbitrary File Deletion Vulnerability in Yamcs API Storage Functionality

CVE-2023-45278 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.

Learn more about our Api Penetration Testing.