OpenKM <=6.3.11 insecure temp file via FileUtils.getFileExtension
CVE-2022-3969 Published on November 13, 2022
OpenKM FileUtils.java getFileExtension temp file
A vulnerability classified as problematic was found in OpenKM up to 6.3.11. It affects the function getFileExtension in the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to an insecure temporary file. Upgrading to version 6.3.12 addresses this issue. The name of the patch is c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548.
Vulnerability Analysis
Weakness Type
Insecure Temporary File
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
Products Associated with CVE-2022-3969
Affected Versions
unspecified OpenKM:
- Version 6.3.0 is affected.
- Version 6.3.1 is affected.
- Version 6.3.2 is affected.
- Version 6.3.3 is affected.
- Version 6.3.4 is affected.
- Version 6.3.5 is affected.
- Version 6.3.6 is affected.
- Version 6.3.7 is affected.
- Version 6.3.8 is affected.
- Version 6.3.9 is affected.
- Version 6.3.10 is affected.
- Version 6.3.11 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.