CVE-2020-9050 – Metasys Reporting Engine (MRE) Web Services - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

https://notcve.org/view.php?id=CVE-2020-9050

19 Feb 2021 — Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system. Una vulnerabilidad Salto de Ruta se presenta en Metasys Reporting Engine (MRE) Web Services que podría permitir a un atacante remoto no autenticado acceder y descargar archivos arbitrarios del sistema • https://www.johnsoncontrols.com/cyber-solutions/security-advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •