CVE-2024-41765

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 4, 2025
CWE ID 22

Summary

CVE-2024-41765 is a vulnerability affecting IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. This issue allows remote attackers to traverse directories on the system by sending specially crafted URL requests containing "dot dot" sequences ("/../"). This vulnerability poses a potential risk for unauthorized file disclosure, and it is essential for affected organizations to apply the necessary patches as soon as possible to mitigate the threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share