CVE-2020-24624 Vulnerability Details

  /     /     /  

CVE-2020-24624 Metadata Quick Info

CVE Published: 23/09/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: hpe | Vendor: n/a | Product: HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter
Status : PUBLISHED

CVE-2020-24624 Description

Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Directory traversal information disclosure vulnerability
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: