A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to include files from the web server, such as web.config or /etc/host, leading to the disclosure of sensitive information.
History

Wed, 27 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Vegam Solutions
Vegam Solutions vegam 4i
Weaknesses CWE-125
CPEs cpe:2.3:a:vegam_solutions:vegam_4i:*:*:*:*:*:*:*:*
Vendors & Products Vegam Solutions
Vegam Solutions vegam 4i
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 Nov 2024 16:30:00 +0000

Type Values Removed Values Added
Description Local File Inclusion vulnerability in Vegam Solutions Vegam 4i v.6.3.47.0 and earlier allows a remote attacker to obtain sensitive information via the print labelling function. A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to include files from the web server, such as web.config or /etc/host, leading to the disclosure of sensitive information.

Wed, 20 Nov 2024 16:45:00 +0000

Type Values Removed Values Added
Description Local File Inclusion vulnerability in Vegam Solutions Vegam 4i v.6.3.47.0 and earlier allows a remote attacker to obtain sensitive information via the print labelling function.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-11-20T00:00:00

Updated: 2024-11-27T17:12:22.132Z

Reserved: 2024-10-28T00:00:00

Link: CVE-2024-51163

cve-icon Vulnrichment

Updated: 2024-11-27T17:12:13.560Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-20T17:15:18.417

Modified: 2024-11-27T18:15:17.760

Link: CVE-2024-51163

cve-icon Redhat

No data.