Path Traversal Vulnerability in FileCatalyst Direct Could Lead to Data Leakage
CVE-2024-25154

5.3MEDIUM

Key Information:

Vendor: Fortra
Status: Filecatalyst
Vendor: CVE Published:; 13 March 2024

Summary

A vulnerability in FileCatalyst Direct arising from improper URL validation allows for path traversal, enabling an encoded payload to exploit the web server. This could result in unauthorized access to files located outside the designated web root, potentially leading to sensitive data leakage. Organizations utilizing affected versions should take immediate action to mitigate this risk and secure their server environments.

Affected Version(s)

FileCatalyst 3.8.6 < 3.8.9

References

https://www.fortra.com/security/advisory/fi-2024-003

https://filecatalyst.software/public/filecatalyst/Direct/...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Feb 6, 2024