In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NAxway File Tranfer Direct
APPAxway2.7.1
Related vulnerabilities
Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to una...
Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service...
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authent...
Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote att...
Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different respo...