AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2023-28382: Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alt

highvulnerability

security

Source: NVD/CVE DatabaseMay 26, 2023CVE-2023-28382

Summary

CVE-2023-28382 is a directory traversal vulnerability (a flaw that lets attackers access files outside intended directories) in ESS REC Agent Server Edition across multiple operating systems. An authenticated attacker (someone with valid login credentials) can use this vulnerability to view or modify any file on the affected server. The vulnerability affects versions 1.0.0 to 1.4.3 on Linux, 1.1.0 to 1.4.0 on Solaris and HP-UX, and 1.2.0 to 1.4.1 on AIX.

Vulnerability Details

CVSS Score

8.1(high)

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-22 CWE-22

CAPEC (Attack Pattern)

CAPEC-126

Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-28382

First tracked: February 15, 2026 at 08:53 PM

Classified by LLM (prompt v3) · confidence: 95%