Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-51948

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Jan, 2024 | 00:00
Updated At-20 Jun, 2025 | 18:22
Rejected At-
Credits

A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Jan, 2024 | 00:00
Updated At:20 Jun, 2025 | 18:22
Rejected At:
▼CVE Numbering Authority (CNA)

A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx
N/A
https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51948/README.md
N/A
Hyperlink: https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx
Resource: N/A
Hyperlink: https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51948/README.md
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx
x_transferred
https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51948/README.md
x_transferred
Hyperlink: https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx
Resource:
x_transferred
Hyperlink: https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51948/README.md
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-548CWE-548 Exposure of Information Through Directory Listing
Type: CWE
CWE ID: CWE-548
Description: CWE-548 Exposure of Information Through Directory Listing
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:19 Jan, 2024 | 14:15
Updated At:20 Jun, 2025 | 19:15

A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
actidata
actidata
>>actinas_sl_2u-8_rdx_firmware>>3.2.03
cpe:2.3:o:actidata:actinas_sl_2u-8_rdx_firmware:3.2.03:sp1:*:*:*:*:*:*
actidata
actidata
>>actinas_sl_2u-8_rdx>>-
cpe:2.3:h:actidata:actinas_sl_2u-8_rdx:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-548Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-548
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51948/README.mdcve@mitre.org
Exploit
Third Party Advisory
https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdxcve@mitre.org
Product
https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51948/README.mdaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdxaf854a3a-2127-422b-91ae-364da2661108
Product
Hyperlink: https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51948/README.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51948/README.md
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

14Records found
CVE-2021-45446
Matching Score-4
Assigner-Hitachi Vantara
ShareView Details
Matching Score-4
Assigner-Hitachi Vantara
CVSS Score-5||MEDIUM
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 14:26
Updated-02 May, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pentaho Business Analytics Server - Exposure of Information Through Directory Listing

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder.  This directory listing provides an attacker with the complete index of all the resources located inside the directory.

Action-Not Available
Vendor-Hitachi Vantara LLCHitachi, Ltd.
Product-vantara_pentahoPentaho Business Analytics Server
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2019-5415
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.27%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 19:28
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.

Action-Not Available
Vendor-zeitn/a
Product-serveserve
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-27505
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.78%
||
7 Day CHG~0.00%
Published-13 May, 2022 | 15:17
Updated-16 Apr, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mySCADA myPRO Exposure of Information Through Directory Listing

mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.

Action-Not Available
Vendor-myscadamySCADA
Product-mypromyPRO
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CVE-2024-28766
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.4||LOW
EPSS-0.05% / 13.66%
||
7 Day CHG+0.01%
Published-27 Jan, 2025 | 01:14
Updated-14 Jul, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Integrator information disclosure

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_directory_integratorsecurity_directory_integratorSecurity Directory IntegratorSecurity Verify Directory Integrator
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CVE-2021-21528
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.48%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:15
Updated-16 Sep, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CVE-2023-49979
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 72.71%
||
7 Day CHG~0.00%
Published-06 Mar, 2024 | 00:00
Updated-05 Mar, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.

Action-Not Available
Vendor-n/aSourceCodestermayuri_k
Product-best_student_management_systemn/acustomer_support_system
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CWE ID-CWE-862
Missing Authorization
CVE-2024-22082
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.63%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 00:00
Updated-16 Apr, 2025 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system.

Action-Not Available
Vendor-elspec-ltdn/aelspec
Product-g5dfrg5dfr_firmwaren/ag5_digital_fault_recorder
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CVE-2025-4807
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.28% / 50.89%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 19:31
Updated-28 May, 2025 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Student Clearance System exposure of information through directory listing

A vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. This affects an unknown part. The manipulation leads to exposure of information through directory listing. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesterSenior Walter
Product-online_student_clearance_systemOnline Student Clearance System
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2025-45320
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.47%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 00:00
Updated-07 May, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.

Action-Not Available
Vendor-lopalopan/a
Product-online_service_management_portaln/a
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CVE-2016-15019
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.17%
||
7 Day CHG~0.00%
Published-15 Jan, 2023 | 18:58
Updated-08 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
tombh jekbox server.rb exposure of information through directory listing

A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The patch is named 64eb2677671018fc08b96718b81e3dbc83693190. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218375.

Action-Not Available
Vendor-jekbox_projecttombh
Product-jekboxjekbox
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-2652
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 15.16%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 15:00
Updated-26 Mar, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee and Visitor Gate Pass Logging System exposure of information through directory listing

A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to exposure of information through directory listing. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. Multiple sub-directories are affected.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-employee_and_visitor_gate_pass_logging_systemEmployee and Visitor Gate Pass Logging System
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2023-7164
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.62%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 17:28
Updated-11 Apr, 2025 | 12:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BackWPup < 4.0.4 - Unauthenticated Backup Download

The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database.

Action-Not Available
Vendor-inpsydeUnknowninpsyde
Product-backwpupBackWPupbackwpup
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CVE-2024-8711
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.14% / 35.07%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 03:31
Updated-13 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Food Ordering Management System includes exposure of information through directory listing

A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information through directory listing. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-food_ordering_management_systemFood Ordering Management Systemfood_ordering_management_system
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CVE-2024-7762
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.38%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:07
Updated-27 Aug, 2025 | 12:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Job Board < 2.12.6 - Unauthenticated Resumes Download

The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes

Action-Not Available
Vendor-presstigersUnknown
Product-simple_job_boardSimple Job Board
CWE ID-CWE-548
Exposure of Information Through Directory Listing
Details not found