Vulnerability Details CVE-2024-57968
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.07
EPSS Ranking 90.9%
CVSS Severity
CVSS v3 Score 9.9
Proposed Action
Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx.
Ransomware Campaign
Unknown
References
Products affected by CVE-2024-57968
-
cpe:2.3:a:advantive:veracore:-
-
cpe:2.3:a:advantive:veracore:2024.2.0
-
cpe:2.3:a:advantive:veracore:2024.3.1
-
cpe:2.3:a:advantive:veracore:2024.3.2
-
cpe:2.3:a:advantive:veracore:2024.3.3
-
cpe:2.3:a:advantive:veracore:2024.3.4
-
cpe:2.3:a:advantive:veracore:2024.4.1
-
cpe:2.3:a:advantive:veracore:2024.4.2