#VU103655 Path traversal in VeraCore - CVE-2024-57968
Published: February 5, 2025 / Updated: March 2, 2026
Vulnerability identifier: #VU103655
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2024-57968
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
VeraCore
VeraCore
Software vendor:
Advantive
Advantive
Description
The vulnerability allows a remote user to upload files to arbitrary folders on the system.
The vulnerability exists due to input validation error when processing file uploads in /VeraCore/OMS/upload.aspx. A remote authenticated user can send a specially crafted HTTP POST request and upload files to an arbitrary location on the system.
Note, the vulnerability is being actively exploited in the wild.
Remediation
Install updates from vendor's website.