Directory Traversal Vulnerability in StoneFly Storage Concentrator
CVE-2024-31947

6.5MEDIUM

Key Information:

Vendor

Stonefly

Vendor
CVE Published:
12 July 2024

What is CVE-2024-31947?

The StoneFly Storage Concentrator and its associated virtual machine versions prior to 8.0.4.26 are susceptible to a directory traversal vulnerability that allows authenticated users to manipulate crafted path parameters via the Online Help feature. This flaw can potentially expose sensitive system information, leading to unauthorized access and possible data breaches.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.