This article is a part of our Vulnerability Database (back to index)
Path Traversal occurrences in Iview
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. (2022-07-22, CVE-2022-2139)
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. (2021-02-11, CVE-2021-22656)
Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. (2020-08-25, CVE-2020-16245)
Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. (2020-07-15, CVE-2020-14507)
Why Path Traversal can be dangerous
Relative Path Confusion means that your web server is configured to serve responses to ambiguous URLs. This configuration can possibly cause confusion about the correct relative path for the URL. It is also an issue of resources, such as images, styles etc., which are specified in the response using relative path, not the absolute URL.
If the web browser permits to parse "cross-content" response, the attacker may be able to fool the web browser into interpreting HTML into other content types, which can then lead to a cross site scripting attack (link do XSS).