Test Data Management
Monthly
Remote unauthenticated attackers can read arbitrary server files in ZwickRoell Test Data Management versions before 3.0.8 by exploiting a path traversal flaw in the node_upgrade_srv.js endpoint's firmware parameter. The vulnerability enables direct access to sensitive system files including credentials, configuration data, and source code without authentication. Despite the high CVSS score (8.7), the low EPSS probability (0.06%, 17th percentile) indicates minimal automated exploitation activity, though the unauthenticated network attack vector and low complexity make this readily exploitable if discovered by adversaries targeting industrial testing infrastructure.
Remote unauthenticated attackers can read arbitrary server files in ZwickRoell Test Data Management versions before 3.0.8 by exploiting a path traversal flaw in the node_upgrade_srv.js endpoint's firmware parameter. The vulnerability enables direct access to sensitive system files including credentials, configuration data, and source code without authentication. Despite the high CVSS score (8.7), the low EPSS probability (0.06%, 17th percentile) indicates minimal automated exploitation activity, though the unauthenticated network attack vector and low complexity make this readily exploitable if discovered by adversaries targeting industrial testing infrastructure.