CVE-2024-35274

LOW Year: 2024
CVSS v3 Score
2.3
Low
Weakness Type
CWE-23
View all →

Vulnerability Description

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests.

Related Vulnerabilities

CVE-2022-2106

LOW
CVSS:2.7(Low)

Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files.

CWE-232022

CVE-2022-42474

LOW
CVSS:2.7(Low)

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 throug...

CWE-232022

CVE-2022-4123

LOW
CVSS:3.3(Low)

A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.

CWE-232022

CVE-2023-34117

LOW
CVSS:3.3(Low)

Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.

CWE-232023

CVE-2023-35816

LOW
CVSS:3.5(Low)

DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.

CWE-232023

CVE-2024-4330

MEDIUM
CVSS:4.0(Medium)

A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the ...

CWE-232024