CVE-2024-38878

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-38878
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://cert-portal.siemens.com/productcert/html/ssa-857368.html Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:omnivise_t3000_application_server:r9.2:*:*:*:*:*:*:*
History

17 Sep 2024, 15:50

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.2 		v2 : unknown
v3 : 6.5
First Time Siemens
Siemens omnivise T3000 Application Server
CPE cpe:2.3:a:siemens:omnivise_t3000_application_server:r9.2:*:*:*:*:*:*:*
References () https://cert-portal.siemens.com/productcert/html/ssa-857368.html - () https://cert-portal.siemens.com/productcert/html/ssa-857368.html - Mitigation, Vendor Advisory

13 Aug 2024, 08:15

Type Values Removed Values Added
Summary (en) A vulnerability has been identified in Omnivise T3000 Application Server (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system. (en) A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.

02 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una vulnerabilidad en Omnivise T3000 Application Server (todas las versiones). Los dispositivos afectados permiten a los usuarios autenticados exportar datos de diagnóstico. El endpoint API correspondiente es susceptible a path traversal y podría permitir que un atacante autenticado descargue archivos arbitrarios del sistema de archivos.

02 Aug 2024, 11:16

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-02 11:16

Updated : 2024-09-17 15:50

NVD link : CVE-2024-38878

Mitre link : CVE-2024-38878

CVE.ORG link : CVE-2024-38878

JSON object : View

Products Affected

siemens

  • omnivise_t3000_application_server
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024