CVE-2024-8058

HIGH

FileZ <unknown - Info Disclosure

Title source: llm

Description

An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading.

References (1)

[Various Sources] https://www.filez.com/securityPolicy/1.html?1733849740

Scores

CVSS v3 7.6

EPSS 0.0016

EPSS Percentile 36.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1287

Status published

Products (1)

Lenovo/FileZ Client < 9.8.6.0

Published Dec 16, 2024

Tracked Since Feb 18, 2026