Unrestricted Upload of File with Dangerous Type
CVE-2024-36396

8.8HIGH

Key Information:

Vendor: Verint
Status: Wfo
Vendor: CVE Published:; 13 June 2024

What is CVE-2024-36396?

An unrestricted file upload vulnerability exists in Verint software, allowing attackers to upload files that could be potentially harmful. This flaw falls under CWE-434, which specifically addresses the risks associated with uploading files of dangerous types. Attackers may exploit this vulnerability to execute arbitrary code, compromise data integrity, or gain unauthorized access to sensitive information. Organizations utilizing Verint products are advised to implement appropriate security measures and updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

WFO All versions

References

https://www.gov.il/en/Departments/faq/cve_advisories

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
May 27, 2024

Credit

Osher Assor

CVE-2024-36396 Data

JSON