PT-2024-25515 · Logpoint · Logpoint
Rushmi Bhuju
·
Published
2024-05-07
·
Updated
2024-07-03
·
CVE-2024-33860
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Logpoint versions prior to 7.4.0
Description
An issue was discovered that allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.
Recommendations
For versions prior to 7.4.0, update to version 7.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of arbitrary File Paths within the File System Collector to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Logpoint