PT-2024-31499 · Centralsquare · Centralsquare Crywolf

D4Lyw · Published 2024-08-25 · Updated 2024-08-30 · CVE-2024-45241

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CentralSquare CryWolf (False Alarm Management) versions prior to 2024-08-09

Description

A traversal vulnerability in GeneralDocs.aspx allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. This issue enables attackers to access sensitive data without proper authentication.

Recommendations

As a temporary workaround, consider restricting access to the GeneralDocs.aspx page until a patch is available. Limit local network access to minimize the risk of exploitation. Patch immediately and monitor for exploit attempts.
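
One way to act on the "monitor for exploit attempts" recommendation is to scan web server logs for requests to GeneralDocs.aspx whose rpt value contains a parent-directory segment after URL decoding. This is an added example, not code from the advisory or the vendor; the log field layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample lines. Assumed field order (IIS W3C style):
# date time method uri-stem uri-query client-ip status
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-08-26 10:01:02 GET /GeneralDocs.aspx rpt=AlarmPermit.pdf 203.0.113.10 200
2024-08-26 10:01:09 GET /GeneralDocs.aspx rpt=../../example.txt 203.0.113.44 200
2024-08-26 10:01:15 GET /generaldocs.aspx rpt=%2e%2e%5c%2e%2e%5cexample.txt 203.0.113.44 200
2024-08-26 10:01:20 GET /GeneralDocs.aspx RPT=%252e%252e%252fexample.txt 203.0.113.45 404
2024-08-26 10:02:00 GET /Default.aspx rpt=../example.txt 203.0.113.10 200
"""

# A ".." path segment bounded by a separator (either slash) or the string edge.
PARENT_SEGMENT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded values are not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_text):
    """Return (client_ip, status, decoded_rpt) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue
        stem, query, client, status = fields[3], fields[4], fields[5], fields[6]
        # ASP.NET page names and query keys are matched case-insensitively.
        if stem.rsplit("/", 1)[-1].lower() != "generaldocs.aspx":
            continue
        for key, value in parse_qsl(query):  # parse_qsl decodes one layer
            decoded = fully_decode(value)
            if key.lower() == "rpt" and PARENT_SEGMENT.search(decoded):
                hits.append((client, status, decoded))
    return hits

if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} rpt={value!r}")
```

Flagged requests that returned status 200 deserve the closest review, since they may indicate a file was actually served.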

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-45241

Affected Products

Centralsquare Crywolf