CVE-2024-31947

StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:stonefly:storage_concentrator:*:*:*:*:*:*:*:*

History

10 Sep 2024, 16:34

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
First Time Stonefly storage Concentrator
Stonefly
CWE CWE-22
CPE cpe:2.3:a:stonefly:storage_concentrator:*:*:*:*:*:*:*:*
References () https://stonefly.com - () https://stonefly.com - Product
References () https://stonefly.com/security-advisories/cve-2024-31947/ - () https://stonefly.com/security-advisories/cve-2024-31947/ - Vendor Advisory

15 Jul 2024, 13:00

Type Values Removed Values Added
Summary
  • (es) StoneFly Storage Concentrator (SC y SCVM) anterior a 8.0.4.26 permite el Directory Traversal por parte de usuarios autenticados. El uso de un parámetro de ruta manipulado con la función de ayuda en línea puede exponer información confidencial del sistema.

12 Jul 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-12 23:15

Updated : 2024-09-10 16:34


NVD link : CVE-2024-31947

Mitre link : CVE-2024-31947

CVE.ORG link : CVE-2024-31947


JSON object : View

Products Affected

stonefly

  • storage_concentrator
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')