CVE-2024-57968

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during...

Basic Information

CVE State: PUBLISHED
Reserved Date: February 03, 2025
Published Date: February 03, 2025
Last Updated: March 14, 2025
Vendor: Advantive
Product: VeraCore
Description: Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.

CVSS Scores

CVSS v3.1

9.9 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2025-03-10 00:00:00 UTC) Source

References

https://advantive.my.site.com/support/s/article/VeraCore-Release-Notes-2024-4-2-1 https://intezer.com/blog/research/xe-group-exploiting-zero-days/ https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming-to-exploiting-zero-days/

Known Exploited Vulnerability Information

Source	Added Date
CISA	2025-03-10 00:00:00 UTC