Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8
CVE-2024-5275
- EPSS 0.05%
- Veröffentlicht 18.06.2024 15:15:52
- Zuletzt bearbeitet 21.11.2024 09:47:19
A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in...
5.3
CVE-2024-25154
- EPSS 0.29%
- Veröffentlicht 13.03.2024 15:15:51
- Zuletzt bearbeitet 21.01.2025 19:01:35
Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage.
6.1
CVE-2024-25155
- EPSS 1.04%
- Veröffentlicht 13.03.2024 15:15:51
- Zuletzt bearbeitet 21.01.2025 18:59:03
In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary c...
1