KEVIntel
Back to KEVs
9.9
CVSS
Critical

CVE-2024-57968

PUBLISHED

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during...

Exploited in the wild Remote Low complexity No user interaction
Vendor
Advantive
Product
VeraCore
Published
Feb 03, 2025
EPSS

Description

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.

cisa

CVSS scores

CVSS v3.1 9.9 Critical

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2025-03-10 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
No
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Mar 10, 2025

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel