What is the severity of CVE-2014-2575?

CVE-2014-2575 has been classified as a medium severity vulnerability due to its potential to allow unauthorized access to sensitive files.

How do I fix CVE-2014-2575?

To fix CVE-2014-2575, update the DevExpress ASPxFileManager Control to version 13.1.10 or later.

What software is affected by CVE-2014-2575?

CVE-2014-2575 affects DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC in versions prior to 13.1.10 and certain 13.2.x versions.

Can CVE-2014-2575 be exploited by unauthenticated users?

No, CVE-2014-2575 requires remote authenticated users to exploit the directory traversal vulnerability.

What are the potential impacts of CVE-2014-2575?

The impacts of CVE-2014-2575 include the ability for attackers to read or write arbitrary files on the server.

Vulnerability/
CVE-2014-2575

medium

6.5

CWE

6/6/2014

6/8/2024

CVE-2014-2575: Path Traversal

First published: Fri Jun 06 2014(Updated: )

Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
DevExpress ASPxFileManager Control	<=13.1.9
DevExpress ASPxFileManager Control	=10.2
DevExpress ASPxFileManager Control	=10.2.3
DevExpress ASPxFileManager Control	=10.2.4
DevExpress ASPxFileManager Control	=10.2.5
DevExpress ASPxFileManager Control	=10.2.6
DevExpress ASPxFileManager Control	=10.2.8
DevExpress ASPxFileManager Control	=10.2.9
DevExpress ASPxFileManager Control	=10.2.10
DevExpress ASPxFileManager Control	=10.2.11
DevExpress ASPxFileManager Control	=11.1
DevExpress ASPxFileManager Control	=11.1.4
DevExpress ASPxFileManager Control	=11.1.5
DevExpress ASPxFileManager Control	=11.1.6
DevExpress ASPxFileManager Control	=11.1.7
DevExpress ASPxFileManager Control	=11.1.8
DevExpress ASPxFileManager Control	=11.1.9
DevExpress ASPxFileManager Control	=11.1.10
DevExpress ASPxFileManager Control	=11.1.11
DevExpress ASPxFileManager Control	=11.1.12
DevExpress ASPxFileManager Control	=11.2
DevExpress ASPxFileManager Control	=11.2.5
DevExpress ASPxFileManager Control	=11.2.7
DevExpress ASPxFileManager Control	=11.2.8
DevExpress ASPxFileManager Control	=11.2.10
DevExpress ASPxFileManager Control	=11.2.11
DevExpress ASPxFileManager Control	=11.2.12
DevExpress ASPxFileManager Control	=11.2.13
DevExpress ASPxFileManager Control	=11.2.14
DevExpress ASPxFileManager Control	=12.1
DevExpress ASPxFileManager Control	=12.1.4
DevExpress ASPxFileManager Control	=12.1.5
DevExpress ASPxFileManager Control	=12.1.6
DevExpress ASPxFileManager Control	=12.1.7
DevExpress ASPxFileManager Control	=12.1.8
DevExpress ASPxFileManager Control	=12.1.9
DevExpress ASPxFileManager Control	=12.1.10
DevExpress ASPxFileManager Control	=12.1.11
DevExpress ASPxFileManager Control	=12.1.12
DevExpress ASPxFileManager Control	=12.2
DevExpress ASPxFileManager Control	=12.2.4
DevExpress ASPxFileManager Control	=12.2.5
DevExpress ASPxFileManager Control	=12.2.6
DevExpress ASPxFileManager Control	=12.2.7
DevExpress ASPxFileManager Control	=12.2.8
DevExpress ASPxFileManager Control	=12.2.10
DevExpress ASPxFileManager Control	=12.2.11
DevExpress ASPxFileManager Control	=12.2.12
DevExpress ASPxFileManager Control	=12.2.13
DevExpress ASPxFileManager Control	=12.2.15
DevExpress ASPxFileManager Control	=12.2.16
DevExpress ASPxFileManager Control	=13.1
DevExpress ASPxFileManager Control	=13.1.4
DevExpress ASPxFileManager Control	=13.1.5
DevExpress ASPxFileManager Control	=13.1.6
DevExpress ASPxFileManager Control	=13.1.7
DevExpress ASPxFileManager Control	=13.1.8
DevExpress ASPxFileManager Control	=13.2
DevExpress ASPxFileManager Control	=13.2.5
DevExpress ASPxFileManager Control	=13.2.6
DevExpress ASPxFileManager Control	=13.2.7
DevExpress ASPxFileManager Control	=13.2.8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-2575?
CVE-2014-2575 has been classified as a medium severity vulnerability due to its potential to allow unauthorized access to sensitive files.
How do I fix CVE-2014-2575?
To fix CVE-2014-2575, update the DevExpress ASPxFileManager Control to version 13.1.10 or later.
What software is affected by CVE-2014-2575?
CVE-2014-2575 affects DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC in versions prior to 13.1.10 and certain 13.2.x versions.
Can CVE-2014-2575 be exploited by unauthenticated users?
No, CVE-2014-2575 requires remote authenticated users to exploit the directory traversal vulnerability.
What are the potential impacts of CVE-2014-2575?
The impacts of CVE-2014-2575 include the ability for attackers to read or write arbitrary files on the server.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/author
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/devexpress
canonical/devexpress aspxfilemanager control
version/devexpress aspxfilemanager control/13.1.9
version/devexpress aspxfilemanager control/10.2
version/devexpress aspxfilemanager control/10.2.3
version/devexpress aspxfilemanager control/10.2.4
version/devexpress aspxfilemanager control/10.2.5
version/devexpress aspxfilemanager control/10.2.6
version/devexpress aspxfilemanager control/10.2.8
version/devexpress aspxfilemanager control/10.2.9
version/devexpress aspxfilemanager control/10.2.10
version/devexpress aspxfilemanager control/10.2.11
version/devexpress aspxfilemanager control/11.1
version/devexpress aspxfilemanager control/11.1.4
version/devexpress aspxfilemanager control/11.1.5
version/devexpress aspxfilemanager control/11.1.6
version/devexpress aspxfilemanager control/11.1.7
version/devexpress aspxfilemanager control/11.1.8
version/devexpress aspxfilemanager control/11.1.9
version/devexpress aspxfilemanager control/11.1.10
version/devexpress aspxfilemanager control/11.1.11
version/devexpress aspxfilemanager control/11.1.12
version/devexpress aspxfilemanager control/11.2
version/devexpress aspxfilemanager control/11.2.5
version/devexpress aspxfilemanager control/11.2.7
version/devexpress aspxfilemanager control/11.2.8
version/devexpress aspxfilemanager control/11.2.10
version/devexpress aspxfilemanager control/11.2.11
version/devexpress aspxfilemanager control/11.2.12
version/devexpress aspxfilemanager control/11.2.13
version/devexpress aspxfilemanager control/11.2.14
version/devexpress aspxfilemanager control/12.1
version/devexpress aspxfilemanager control/12.1.4
version/devexpress aspxfilemanager control/12.1.5
version/devexpress aspxfilemanager control/12.1.6
version/devexpress aspxfilemanager control/12.1.7
version/devexpress aspxfilemanager control/12.1.8
version/devexpress aspxfilemanager control/12.1.9
version/devexpress aspxfilemanager control/12.1.10
version/devexpress aspxfilemanager control/12.1.11
version/devexpress aspxfilemanager control/12.1.12
version/devexpress aspxfilemanager control/12.2
version/devexpress aspxfilemanager control/12.2.4
version/devexpress aspxfilemanager control/12.2.5
version/devexpress aspxfilemanager control/12.2.6
version/devexpress aspxfilemanager control/12.2.7
version/devexpress aspxfilemanager control/12.2.8
version/devexpress aspxfilemanager control/12.2.10
version/devexpress aspxfilemanager control/12.2.11
version/devexpress aspxfilemanager control/12.2.12
version/devexpress aspxfilemanager control/12.2.13
version/devexpress aspxfilemanager control/12.2.15
version/devexpress aspxfilemanager control/12.2.16
version/devexpress aspxfilemanager control/13.1
version/devexpress aspxfilemanager control/13.1.4
version/devexpress aspxfilemanager control/13.1.5
version/devexpress aspxfilemanager control/13.1.6
version/devexpress aspxfilemanager control/13.1.7
version/devexpress aspxfilemanager control/13.1.8
version/devexpress aspxfilemanager control/13.2
version/devexpress aspxfilemanager control/13.2.5
version/devexpress aspxfilemanager control/13.2.6
version/devexpress aspxfilemanager control/13.2.7
version/devexpress aspxfilemanager control/13.2.8