CVE-2024-31978

HIGH Year: 2024
CVSS v3 Score
7.6
High
Weakness Type
CWE-22
View all →

Vulnerability Description

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system.

Related Vulnerabilities

CVE-2015-8799

HIGH
CVSS:7.6(High)

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for C...

CWE-222015

CVE-2018-6677

HIGH
CVSS:7.6(High)

Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vect...

CWE-222018

CVE-2020-24102

HIGH
CVSS:7.6(High)

Directory Traversal vulnerability in Punkbuster pbsv.d64 2.351, allows remote attackers to execute arbitrary code.

CWE-222020

CVE-2021-27771

HIGH
CVSS:7.6(High)

User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal matter with the Sametime chat application, users hol...

CWE-222021

CVE-2023-23700

HIGH
CVSS:7.6(High)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1.

CWE-222023

CVE-2023-23888

HIGH
CVSS:7.6(High)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal.This issue affects Rank Math SEO: from n/a through 1.0.107...

CWE-222023