CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2024-8525 – Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload
https://notcve.org/view.php?id=CVE-2024-8525
21 Nov 2024 — An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file. • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8526 – Automated Logic WebCTRL and Carrier i-Vu Open Redirect
https://notcve.org/view.php?id=CVE-2024-8526
21 Nov 2024 — A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp" A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp" • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •