CVE-2024-56973

Critical

Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute…

mitre·CWE-281·Published 2025-02-14

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

227 chars

Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.

NVDen

227 chars

NVDes

257 chars

La vulnerabilidad de permisos inseguros en Alvaria, Inc Unified IP Unified Director anterior a v.7.2SP2 permite a un atacante remoto ejecutar código arbitrario a través de los parámetros de origen y nombre de archivo del componente ProcessUploadFromURL.jsp.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H