{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4542", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-21T15:17:30.652Z", "datePublished": "2026-03-22T08:35:10.929Z", "dateUpdated": "2026-04-18T03:38:56.405Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-18T03:38:56.405Z"}, "title": "SSCMS layerImage Endpoint LayerImageController.Submit.cs path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "n/a", "product": "SSCMS", "versions": [{"version": "4.7.0", "status": "affected"}], "cpes": ["cpe:2.3:a:sscms:sscms:*:*:*:*:*:*:*:*"], "modules": ["layerImage Endpoint"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-21T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-21T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-22T11:28:01.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Saul1213 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/352359", "name": "VDB-352359 | SSCMS layerImage Endpoint LayerImageController.Submit.cs path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/352359/cti", "name": "VDB-352359 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/774689", "name": "Submit #774689 | SSCMS V4.7.0 SSCMS Arbitrary File Deletion", "tags": ["third-party-advisory"]}, {"url": "https://www.yuque.com/la12138/pa2fpb/vlyutc51eb7vhwaz?singleDoc", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T16:21:37.574176Z", "id": "CVE-2026-4542", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:39:46.684Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4542", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T16:21:37.574176Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:21:38.664Z"}}], "cna": {"title": "SSCMS layerImage Endpoint LayerImageController.Submit.cs path traversal", "credits": [{"lang": "en", "type": "reporter", "value": "Saul1213 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:sscms:sscms:*:*:*:*:*:*:*:*"], "vendor": "n/a", "modules": ["layerImage Endpoint"], "product": "SSCMS", "versions": [{"status": "affected", "version": "4.7.0"}]}], "timeline": [{"lang": "en", "time": "2026-03-21T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-21T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-22T11:28:01.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/352359", "name": "VDB-352359 | SSCMS layerImage Endpoint LayerImageController.Submit.cs path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/352359/cti", "name": "VDB-352359 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/774689", "name": "Submit #774689 | SSCMS V4.7.0 SSCMS Arbitrary File Deletion", "tags": ["third-party-advisory"]}, {"url": "https://www.yuque.com/la12138/pa2fpb/vlyutc51eb7vhwaz?singleDoc", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-18T03:38:56.405Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4542", "state": "PUBLISHED", "dateUpdated": "2026-04-18T03:38:56.405Z", "dateReserved": "2026-03-21T15:17:30.652Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-22T08:35:10.929Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en SSCMS 4.7.0. El elemento afectado es una funci\u00f3n desconocida del archivo LayerImageController.Submit.cs del componente layerImage Endpoint. Dicha manipulaci\u00f3n del argumento filePaths conduce a salto de ruta. El ataque puede realizarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado. El an\u00e1lisis estad\u00edstico dej\u00f3 claro que VulDB proporciona la mejor calidad para los datos de vulnerabilidad."}], "id": "CVE-2026-4542", "lastModified": "2026-04-18T05:16:22.753", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-22T09:16:00.830", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/774689"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/352359"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/352359/cti"}, {"source": "cna@vuldb.com", "url": "https://www.yuque.com/la12138/pa2fpb/vlyutc51eb7vhwaz?singleDoc"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.7.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "SSCMS", "source": "cna", "vendor": "n/a"}, "product": "sscms", "vendor": "sscms"}], "analysis": {"en": {"generated_at": "2026-04-18T17:24:50.952316+00:00", "value": {"mitigation_remediation": ["Update SSCMS to a patched or newer version that addresses the path traversal flaw.", "If an update cannot be applied immediately, restrict or disable the layerImage Endpoint so it is not reachable from the public network.", "Verify that any custom code validating file paths is correctly implemented and reject attempts to use directory traversal characters."], "summary": {"action": "Immediate Patch", "impact": "Remote File Path Traversal leading to potential confidentiality compromise"}, "threat_synthesis": {"affected_systems": "SSC Network Management System (SSCMS) version 4.7.0 is affected. No other versions are explicitly listed, so systems running this exact release should evaluate their exposure.", "description_and_impact": "The vulnerability is in an unknown function of the file LayerImageController.Submit.cs within the layerImage Endpoint of SSCMS 4.7.0. By manipulating the filePaths argument, an attacker can perform directory traversal, allowing reading of arbitrary files outside the intended directory. This remote path traversal flaw (CWE\u201122) can expose sensitive server data and may be used as a pivot for further attacks. The exploit can be triggered remotely via HTTP requests to the public endpoint.", "risk_and_exploitability": "The CVSS score of 5.3 designates the problem as moderate severity. The EPSS score is below 1%, indicating a low probability of exploitation, and the vulnerability is not listed in CISA\u2019s KEV catalog. Attackers can trigger the flaw remotely by sending crafted requests to the layerImage endpoint; if successful, they can read files outside the intended directory. The risk is that sensitive configuration or credential files may be disclosed, and the exposed endpoint could be used for additional lateral movements."}}}}, "created": "2026-03-23T09:46:35.121974+00:00", "updated": "2026-04-18T17:30:05.953603+00:00", "vendors": ["sscms", "sscms$PRODUCT$sscms"]}