CVE-2024-54453
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-54453 is a newly disclosed path traversal vulnerability in the DocServlet servlet of Kurmi Provisioning Suite, affecting versions before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. It enables remote attackers to access and retrieve any file from the Kurmi web application installation directory, including potentially sensitive files such as obfuscated and compiled Kurmi source code. Exploitation may lead to data exposure and unauthorized access to critical system information. Users are urged to update their Kurmi Provisioning Suite installation to the latest version to mitigate this threat.