← Zuruck zu CVEs
CVE-2024-38878
HIGH7.2
Beschreibung
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.
CVE Details
CVSS v3.1 Bewertung7.2
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht8/2/2024
Zuletzt geandert11/3/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
siemens:omnivise_t3000_application_server
Schwachen (CWE)
CWE-22
Referenzen
https://cert-portal.siemens.com/productcert/html/ssa-857368.html(productcert@siemens.com)
http://seclists.org/fulldisclosure/2024/Nov/5(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.