Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-38878

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.

Published

2024-08-02T11:16:42.260

Last Modified

2024-09-17T15:50:41.117

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	omnivise_t3000_application_server	r9.2	Yes

References

https://cert-portal.siemens.com/productcert/html/ssa-857368.html Mitigation, Vendor Advisory ([email protected])