Home > Vulnerability Database > CVE-2022-2120

Mend.io Vulnerability Database

CVE-2022-2120

Date: June 24, 2022

OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.

Severity Score

5.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-2120

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-2120

Url: https://security-tracker.debian.org/tracker/CVE-2022-2120

Url: https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01

Url: https://www.mend.io/vulnerability-database/CVE-2022-2120

Severity Score

5.5

Weakness Type (CWE)

Path Traversal

CWE-22

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-2120

Date: June 24, 2022

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?