How severe is CVE-2024-48248?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2024-48248?

This is classified as CWE-36, which is a common weakness in software security.

CVE-2024-48248

HIGH Year: 2024

CVSS v3 Score

8.6

High

Weakness Type

CWE-36

View all →

Vulnerability Description

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).

CVE-2024-33620

HIGH

CVSS:8.6(High)

Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server m...

CWE-362024

CVE-2022-20958

HIGH

CVSS:8.8(High)

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack o...

CWE-362022

CVE-2023-40597

HIGH

CVSS:8.8(High)

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

CWE-362023

CVE-2023-5022

HIGH

CVSS:8.8(High)

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The...

CWE-362023