S-Filer Portal™ is a complete solution that enables large and small organizations to meet all of their enterprise needs for secure file transfer and storage.
Security bulletin: Vulnerability CVE-2023-50164 – Struts 2 – S-Filer Portal
A vulnerability impacting Struts 2 was announced on December 7, 2023. This vulnerability allows manipulation of the uploaded file name to escape the upload folder (“Path traversal”). An application using the uploaded file name to write the uploaded file can write to an arbitrary path on disk. This could allow an attacker to execute code on a vulnerable machine.
After an investigation we have determined that S-Filer/Portal does not use the file upload functionality from Struts 2 and is not vulnerable. The file upload mechanism in S-Filer uses an entirely different technology which is not impacted by a similar vulnerability.
Reference :
CVE: CVE-2023-50164 (https://nvd.nist.gov/vuln/detail/CVE-2023-50164)
OKIOK support team
Do not hesitate to contact our support group if you have any questions regarding this Security Bulletin at support@okiok.com