appRain CMF
cpe:2.3:a:apprain:apprain:*:*:*:*:*:*:*
- 4.0.5
A path traversal vulnerability has been identified in appRain CMF version 4.0.5. This vulnerability allows authenticated remote users to bypass SecurityManager restrictions and download files from outside the configured document root, provided they have the necessary permissions. The issue arises in the file download functionality, where base64-encoded paths can be exploited to access restricted files.
Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server, potentially including application configuration or user data.
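The defensive check this class of bug calls for, as an added example in PHP (the language appRain is written in); it is not appRain's code or its patch. The function name `resolve_download_path`, its parameters and the sample files are hypothetical. The key point is that the containment check runs on the canonical path obtained after base64 decoding, not on the encoded request value.

```php
<?php
// Added example: hypothetical helper, not appRain code.
// $encoded is the base64 path parameter from the request; $root is the
// directory downloads are allowed from (both names are assumptions).
function resolve_download_path(string $encoded, string $root): ?string
{
    // Strict mode rejects input containing characters outside the base64 alphabet.
    $relative = base64_decode($encoded, true);
    if ($relative === false || $relative === '' || strpos($relative, "\0") !== false) {
        return null;
    }

    // Canonicalise the root once; realpath() resolves symlinks and "..".
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }

    // Resolve the decoded path relative to the root. realpath() returns false
    // for paths that do not exist, so missing files are rejected here too.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $relative);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }

    // Containment check on the canonical path. The trailing separator stops
    // a sibling such as "files-private" from matching a root named "files".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed sample layout: one file inside the allowed root, one outside it.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_root_' . bin2hex(random_bytes(4));
$allowed = $base . DIRECTORY_SEPARATOR . 'public';
mkdir($allowed, 0700, true);
file_put_contents($allowed . DIRECTORY_SEPARATOR . 'report.txt', 'ok');
file_put_contents($base . DIRECTORY_SEPARATOR . 'secret.cfg', 'outside');

// Each line reports whether the helper returned a path (served) or null (refused).
foreach (['report.txt', '../secret.cfg'] as $path) {
    $result = resolve_download_path(base64_encode($path), $allowed);
    echo $path, ' => ', $result === null ? 'refused' : 'served', PHP_EOL;
}
echo 'invalid base64 => ', resolve_download_path('%%%', $allowed) === null ? 'refused' : 'served', PHP_EOL;
```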