9.9
CVE-2024-57968
- EPSS 15.5%
- Veröffentlicht 03.02.2025 20:15:36
- Zuletzt bearbeitet 13.03.2025 14:31:46
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
10.03.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
Advantive VeraCore Unrestricted File Upload Vulnerability
SchwachstelleAdvantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 15.5% | 0.944 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cve@mitre.org | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.