CVE-2024-57249

MEDIUM

Gleamtech FileVista 9.2.0.0 - Unauthenticated Unauthorized Access via Preview Function Header Removal

Title source: llm

Description

Incorrect access control in the Preview function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access by removing authentication-related HTTP headers, such as the Cookie header, from the request. This bypasses the authentication process and grants attackers access to sensitive image files without proper login credentials.

References (2)

Core References
Exploit, Third Party Advisory
https://packetstorm.news/files/id/189019

Scores

CVSS v3 6.5
EPSS 0.0046
EPSS Percentile 36.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-284
Status published
Products (1)
gleamtech/filevista 9.2.0
Published Feb 07, 2025
Tracked Since Feb 18, 2026