CVE-2024-57249

Name of the Vulnerable Software and Affected Versions Gleamtech FileVista version 9.2.0.0

Description The issue is related to incorrect access control in the preview function, allowing remote attackers to gain unauthorized access by exploiting a vulnerability in access control mechanisms. This is achieved by removing authentication-related HTTP headers, such as the Cookie header, in the request, which bypasses the authentication process. As a result, attackers can access sensitive image files without proper login credentials.

Recommendations For Gleamtech FileVista version 9.2.0.0, consider disabling the preview function until a patch is available to prevent unauthorized access to sensitive image files. Restrict access to the vulnerable preview module to minimize the risk of exploitation. Avoid using the Cookie header in requests to the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.