Vulnerability Description
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advantive | VeraCore | < 2024.4.2.1 |
Related Weaknesses (CWE)
References
- https://advantive.my.site.com/support/s/article/VeraCore-Release-Notes-2024-4-2- (Permissions Required, Product, Release Notes)
- https://intezer.com/blog/research/xe-group-exploiting-zero-days/ (Exploit, Technical Description, Third Party Advisory)
- https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming- (Exploit, Technical Description, Third Party Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024- (US Government Resource)
FAQ
What is CVE-2024-57968?
CVE-2024-57968 is a vulnerability with a CVSS score of 9.9 (CRITICAL). Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be use...
How severe is CVE-2024-57968?
CVE-2024-57968 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-57968?
Check the references section above for vendor advisories and patch information. Affected products include: Advantive VeraCore.