CVE-2024-56973

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 14, 2025

Updated: Feb 28, 2025

CWE ID 281

Summary

CVE-2024-56973 is an Insecure Permissions vulnerability affecting Alvaria, Inc's Unified IP Unified Director software before version 7.2SP2. An attacker can exploit this flaw by manipulating the source and filename parameters in requests to the ProcessUploadFromURL.jsp component. Successful exploitation allows the attacker to execute arbitrary code remotely. Organizations using this software are urged to upgrade to a patched version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2T2fVA
https://www.cve.org/CVERecord?id=CVE-2024-56973
https://nvd.nist.gov/vuln/detail/CVE-2024-56973

Back to Vulnerability Database

CVE-2024-56973

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations