vulnerability

Versa Director (CVE-2024-39717): Versa Director Dangerous File Type Upload Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:M/C:C/I:C/A:C)	Aug 26, 2024	Sep 4, 2024	Sep 6, 2024

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:C)

Published

Aug 26, 2024

Added

Sep 4, 2024

Modified

Sep 6, 2024

Description

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.

Solution

versa-director-update-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today