Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-8510

Summary
Assigner-N-able
Assigner Org ID-a5532a13-c4dd-4202-bef1-e0b8f2f8d12b
Published At-17 Mar, 2025 | 19:01
Updated At-18 Mar, 2025 | 14:41
Rejected At-
Credits

N-central Path Traversal

N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed. This vulnerability is present in all deployments of N-central prior to N-central 2024.6.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:N-able
Assigner Org ID:a5532a13-c4dd-4202-bef1-e0b8f2f8d12b
Published At:17 Mar, 2025 | 19:01
Updated At:18 Mar, 2025 | 14:41
Rejected At:
▼CVE Numbering Authority (CNA)
N-central Path Traversal

N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed. This vulnerability is present in all deployments of N-central prior to N-central 2024.6.

Affected Products
Vendor
N-able
Product
N-central
Default Status
unaffected
Versions
Affected
  • From 0 before 2024.6 (date)
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWECWE-23CWE-23: Relative Path Traversal
Type: CWE
CWE ID: CWE-22
Description: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-23
Description: CWE-23: Relative Path Traversal
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-139CAPEC-139 Relative Path Traversal
CAPEC ID: CAPEC-139
Description: CAPEC-139 Relative Path Traversal
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://documentation.n-able.com/N-central/Release_Notes/GA/Content/N-central_2024.6_Release_Notes.htm
N/A
https://me.n-able.com/s/security-advisory/aArVy0000000XgjKAE/cve20248510-ncentral-path-traversal
N/A
Hyperlink: https://documentation.n-able.com/N-central/Release_Notes/GA/Content/N-central_2024.6_Release_Notes.htm
Resource: N/A
Hyperlink: https://me.n-able.com/s/security-advisory/aArVy0000000XgjKAE/cve20248510-ncentral-path-traversal
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:a5532a13-c4dd-4202-bef1-e0b8f2f8d12b
Published At:17 Mar, 2025 | 19:15
Updated At:17 Mar, 2025 | 19:15

N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed. This vulnerability is present in all deployments of N-central prior to N-central 2024.6.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-22Secondarya5532a13-c4dd-4202-bef1-e0b8f2f8d12b
CWE-23Secondarya5532a13-c4dd-4202-bef1-e0b8f2f8d12b
CWE ID: CWE-22
Type: Secondary
Source: a5532a13-c4dd-4202-bef1-e0b8f2f8d12b
CWE ID: CWE-23
Type: Secondary
Source: a5532a13-c4dd-4202-bef1-e0b8f2f8d12b
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://documentation.n-able.com/N-central/Release_Notes/GA/Content/N-central_2024.6_Release_Notes.htma5532a13-c4dd-4202-bef1-e0b8f2f8d12b
N/A
https://me.n-able.com/s/security-advisory/aArVy0000000XgjKAE/cve20248510-ncentral-path-traversala5532a13-c4dd-4202-bef1-e0b8f2f8d12b
N/A
Hyperlink: https://documentation.n-able.com/N-central/Release_Notes/GA/Content/N-central_2024.6_Release_Notes.htm
Source: a5532a13-c4dd-4202-bef1-e0b8f2f8d12b
Resource: N/A
Hyperlink: https://me.n-able.com/s/security-advisory/aArVy0000000XgjKAE/cve20248510-ncentral-path-traversal
Source: a5532a13-c4dd-4202-bef1-e0b8f2f8d12b
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

202Records found
CVE-2022-36243
Matching Score-4
Assigner-Shop Beat Solutions (Pty) LTD
ShareView Details
Matching Score-4
Assigner-Shop Beat Solutions (Pty) LTD
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 48.86%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 00:00
Updated-13 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Directory Traversal on Shop Beat Services

Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm.

Action-Not Available
Vendor-shopbeatShop Beat
Product-shop_beat_media_playerstudio
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-24942
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.44%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 09:21
Updated-01 Aug, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcity
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found