CVE-2024-1630

Name of the Vulnerable Software and Affected Versions: Common Service Desktop versions (affected versions not specified)

Description: The issue is related to a path traversal vulnerability in the getAllFolderContents() function of the Common Service Desktop component in GE HealthCare ultrasound devices. This vulnerability is caused by incorrect restriction of the directory path name with limited access. Exploitation of this issue may allow an attacker to gain unauthorized access to protected information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.