CVE-2024-33620

Summary

Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker.

Affected Software

VendorProductVersion RangeStatus
Fsas Technologies Inc.FUJITSU Business Application ID Link Manager IIV1.8 and earlieraffected
Fsas Technologies Inc.FUJITSU Software ID Link ManagerV2.0affected
Fsas Technologies Inc.FUJITSU Software TIME CREATOR ID Link ManagerV2.3.0affected
Fsas Technologies Inc.FUJITSU Software TIME CREATOR ID Link ManagerV2.3.1affected
Fsas Technologies Inc.FUJITSU Software TIME CREATOR ID Link ManagerV2.4affected
Fsas Technologies Inc.FUJITSU Software TIME CREATOR ID Link ManagerV2.5affected
Fsas Technologies Inc.FUJITSU Software TIME CREATOR ID Link ManagerV2.6affected
Fsas Technologies Inc.FUJITSU Software TIME CREATOR ID Link Managerand V2.7affected
Fsas Technologies Inc.FUJITSU Software TIME CREATOR ID Link ManagerV3.0affected
Fsas Technologies Inc.FUJITSU Software TIME CREATOR ID Link ManagerV3.0.2affected
Fsas Technologies Inc.FUJITSU Software TIME CREATOR ID Link ManagerV3.0.2.1affected
Fsas Technologies Inc.FUJITSU Software TIME CREATOR ID Link Managerand V3.0.3affected

Weaknesses

  • Absolute path traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References