CVE-2024-50054
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-50054 is a newly disclosed vulnerability that impacts the back-end of certain applications. The issue arises from the failure to adequately validate user-controlled filename parameters, creating an avenue for attackers to execute path traversal attacks. By exploiting this weakness, adversaries can potentially gain unauthorized access to arbitrary files residing in the targeted system's file system. This vulnerability poses a significant risk, as it can lead to information disclosure and potential unauthorized system modifications. Organizations utilizing the affected back-end are urged to apply patches or workarounds as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.