CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9257 – Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2024-9257
Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the delete_gsuite_key_file endpoint. The issue results from the lack of proper validation of a user-supplied filename prior to using it in file operations. An attacker can leverage this vulnerability to delete critical files on the system. • https://support.logsign.net/hc/en-us/articles/21062889743762-30-08-2024-Version-6-4-26-Release-Notes https://www.zerodayinitiative.com/advisories/ZDI-24-1295 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7603 – Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2024-7603
Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete directories in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1105 https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7601 – Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2024-7601
Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1106 https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7604 – Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-7604
Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of the user's license expiration date. An attacker can leverage this vulnerability to bypass authentication on the system. • https://www.zerodayinitiative.com/advisories/ZDI-24-1104 https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes • CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7600 – Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2024-7600
Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1103 https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •