CVE Vulnerabilities

CVE-2024-51549

Absolute Path Traversal

Published: Dec 05, 2024 | Modified: Feb 27, 2025
CVSS 3.x
9.4
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.  Affected products:

ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Weakness

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as “/abs/path” that can resolve to a location that is outside of that directory.

Affected Software

Name Vendor Start Version End Version
Aspect-ent-12_firmware Abb * 3.08.03 (excluding)

References