CVE-2024-57968
CVSS Score
9.9
EPSS Score
0.0%
EPSS Percentile
0th
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
| CWE | CWE-434 |
| Vendor | advantive |
| Product | veracore |
| Published | Feb 3, 2025 |
| Last Updated | Oct 21, 2025 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for advantive veracore
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-57968.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Advantive / VeraCore
0 < 2024.4.2.1
References
advantive.my.site.com: https://advantive.my.site.com/support/s/article/VeraCore-Release-Notes-2024-4-2-1 intezer.com: https://intezer.com/blog/research/xe-group-exploiting-zero-days/ solissecurity.com: https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming-to-exploiting-zero-days/ cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57968