Podatność CVE-2024-38878
Publikacja: 2024-08-02

Opis:
A vulnerability has been identified in Omnivise T3000 Application Server (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
Med.
Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
Andreas Kolbeck
14.11.2024

Typ:

CWE-22

 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

 Referencje:
https://cert-portal.siemens.com/productcert/html/ssa-857368.html
Copyright 2024, cxsecurity.com

 

Back to Top