openSIS Classic 9.3 contains an authenticated path traversal vulnerability in the legacy messaging sent-mail attachment download functionality that allows an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences.
Metrics
Affected Vendors & Products
References
History
Tue, 14 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 14 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | openSIS Classic 9.3 contains an authenticated path traversal vulnerability in the legacy messaging sent-mail attachment download functionality that allows an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences. | |
| Title | openSIS Classic 9.3 - Authenticated path traversal in SentMail attachment download | |
| First Time appeared |
Os4ed
Os4ed opensis-classic |
|
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:os4ed:opensis-classic:9.3:*:linux:*:*:*:*:* cpe:2.3:a:os4ed:opensis-classic:9.3:*:macos:*:*:*:*:* cpe:2.3:a:os4ed:opensis-classic:9.3:*:windows:*:*:*:*:* |
|
| Vendors & Products |
Os4ed
Os4ed opensis-classic |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: Fluid Attacks
Published:
Updated: 2026-07-14T15:58:38.983Z
Reserved: 2026-06-10T21:25:07.392Z
Link: CVE-2026-11944
Updated: 2026-07-14T15:58:35.077Z
No data.
No data.
OpenCVE Enrichment
No data.