7.2
CVE-2024-7694
- EPSS 1.22%
- Veröffentlicht 12.08.2024 13:38:58
- Zuletzt bearbeitet 18.02.2026 13:46:48
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Teamt5 ≫ Threatsonar Anti-ransomware Version < 3.5.0
17.02.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
SchwachstelleTeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar Anti-Ransomware does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system commands on the server.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.22% | 0.788 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| twcert@cert.org.tw | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.