CVE-2024-57968

CRITICAL KEV

Advantive Veracore < 2024.4.2.1 - Unrestricted File Upload

Title source: rule

Description

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.

References (4)

[Permissions Required, Product, Release Notes] https://advantive.my.site.com/support/s/article/VeraCore-Release-Notes-2024-4-2-1

[Exploit, Technical Description, Third Party Advisory] https://intezer.com/blog/research/xe-group-exploiting-zero-days/

[Exploit, Technical Description, Third Party Advisory] https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming-to-exploiting-zero-days/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57968

Scores

CVSS v3 9.9

EPSS 0.4366

EPSS Percentile 97.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CISA KEV 2025-03-10

VulnCheck KEV 2025-02-03

ENISA EUVD EUVD-2024-53868

CWE

CWE-434

Status published

Products (1)

advantive/veracore < 2024.4.2.1

Published Feb 03, 2025

KEV Added Mar 10, 2025

Tracked Since Feb 18, 2026