CVE-2024-57968

Published: Feb 3, 2025Modified: Nov 4, 2025CISA KEV

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.

Affected (1)

Products: Advantive: Veracore

Advantive

1 product

Veracore

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Advantive Veracore	Before 2024.4.2.1

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://advantive.my.site.com/support/s/article/VeraCore-Release-Notes-2024-4-2-1

Source: cve@mitre.org

Permissions RequiredProductRelease Notes

https://intezer.com/blog/research/xe-group-exploiting-zero-days/

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming-to-exploiting-zero-days/

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57968

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.