Insecure Temp File Creation in ManyDesigns Portofino 5.3.2 Fixed 5.3.3
CVE-2022-3952 Published on November 11, 2022

ManyDesigns Portofino WarFileLauncher.java createTempDir temp file
A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability.

NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.


Products Associated with CVE-2022-3952

Want to know whenever a new CVE is published for Manydesigns Portofino? stack.watch will email you.

Manydesigns Portofino
 

Affected Versions

ManyDesigns Portofino Version 5.3.2 is affected by CVE-2022-3952

Exploit Probability

EPSS
0.09%
Percentile
25.56%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.