
{
"id": "CVE-2024-25153",
"sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"published": "2024-03-13T15:15:50.913",
"lastModified": "2025-01-21T19:01:46.487",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal within the \u2018ftpservlet\u2019 of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended \u2018uploadtemp\u2019 directory with a specially crafted POST request. In situations where a file is successfully uploaded to the web portal\u2019s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells."
},
{
"lang": "es",
"value": "Un directory traversal dentro del 'ftpservlet' de FileCatalyst Workflow Web Portal permite cargar archivos fuera del directorio 'uploadtemp' previsto con una solicitud POST especialmente manipulada. En situaciones en las que un archivo se carga correctamente en DocumentRoot del portal web, se pueden utilizar archivos JSP especialmente manipulados para ejecutar c\u00f3digo, incluidos los shells web."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-472"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortra:filecatalyst_workflow:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "5.1.6",
"matchCriteriaId": "AC2A7572-B5E1-443B-A63D-FFC98EDD8224"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortra:filecatalyst_workflow:5.1.6:build112:*:*:*:*:*:*",
"matchCriteriaId": "1C338109-0CF4-4212-BF34-A3ECBEC7FDA2"
}
]
}
]
}
],
"references": [
{
"url": "https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html",
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.fortra.com/security/advisory/fi-2024-002",
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.fortra.com/security/advisory/fi-2024-002",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}