← Retour aux CVEs
CVE-2024-38878
HIGH7.2
Description
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.
Details CVE
Score CVSS v3.17.2
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisHIGH
Interaction utilisateurNONE
Publie8/2/2024
Derniere modification11/3/2025
Sourcenvd
Observations honeypot0
Produits affectes
siemens:omnivise_t3000_application_server
Faiblesses (CWE)
CWE-22
References
https://cert-portal.siemens.com/productcert/html/ssa-857368.html(productcert@siemens.com)
http://seclists.org/fulldisclosure/2024/Nov/5(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.