CVE-2024-51163

Name of the Vulnerable Software and Affected Versions: Vegam 4i versions 6.3.47.0 and earlier

Description: A Local File Inclusion issue allows a remote attacker to obtain sensitive information through the print label function. The filePathList parameter is susceptible to this issue, enabling a malicious user to include files from the web server, such as web.config or /etc/hosts, leading to the disclosure of sensitive information.

Recommendations: For versions 6.3.47.0 and earlier, consider disabling the print label function until a patch is available. Restrict access to sensitive files on the web server to minimize the risk of exploitation. Avoid using the filePathList parameter in the affected print labelling function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.