CVE-2024-31947

StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information.
Configurations

Configuration 1 (hide)

cpe:2.3:a:stonefly:storage_concentrator:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:14

Type Values Removed Values Added
References () https://stonefly.com - Product () https://stonefly.com - Product
References () https://stonefly.com/security-advisories/cve-2024-31947/ - Vendor Advisory () https://stonefly.com/security-advisories/cve-2024-31947/ - Vendor Advisory

10 Sep 2024, 16:34

Type Values Removed Values Added
CPE cpe:2.3:a:stonefly:storage_concentrator:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References () https://stonefly.com - () https://stonefly.com - Product
References () https://stonefly.com/security-advisories/cve-2024-31947/ - () https://stonefly.com/security-advisories/cve-2024-31947/ - Vendor Advisory
First Time Stonefly storage Concentrator
Stonefly
CWE CWE-22

15 Jul 2024, 13:00

Type Values Removed Values Added
Summary
  • (es) StoneFly Storage Concentrator (SC y SCVM) anterior a 8.0.4.26 permite el Directory Traversal por parte de usuarios autenticados. El uso de un parámetro de ruta manipulado con la función de ayuda en línea puede exponer información confidencial del sistema.

12 Jul 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-12 23:15

Updated : 2024-11-21 09:14


NVD link : CVE-2024-31947

Mitre link : CVE-2024-31947

CVE.ORG link : CVE-2024-31947


JSON object : View

Products Affected

stonefly

  • storage_concentrator
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')