PT-2026-22907 · Hallo Welt! Gmbh · Extension:Nsfilerepo+1
Published
2026-03-04
·
Updated
2026-03-04
·
CVE-2026-24732
CVSS v4.0
6.6
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:L/U:X |
Name of the Vulnerable Software and Affected Versions
Hallo Welt! GmbH BlueSpice versions 5.1 through 5.1.5
Hallo Welt! GmbH BlueSpice versions 5.2 through 5.2.0
Description
An issue exists in the Extension:NSFileRepo modules of BlueSpice that allows access to functionality not properly constrained by Access Control Lists (ACLs), potentially bypassing electronic locks and access controls. This could lead to unauthorized access to files or directories. The affected versions are 3.0 versions prior to 3.0.5.
Recommendations
Update BlueSpice to a version after 5.1.5
Update BlueSpice to a version after 5.2.0
Update Extension:NSFileRepo to version 3.0.5 or later
Fix
Incorrect Permission
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Bluespice
Extension:Nsfilerepo