Back

CVE-2024-33881

June 24, 2024, 7:26 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

VirtoSoftware Virto Bulk File Download

  • 5.5.44 for SharePoint 2019

Source

cve@mitre.org

Tags

cve@mitre.org
2024-06-24
CVE-2024-33881

CVE-2024-33881 details

Published : June 24, 2024, 5:15 p.m.
Last Modified : June 24, 2024, 7:26 p.m.

Description

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq cve@mitre.org
https://download.virtosoftware.com/Manuals/nu_ncsc_virto_one_bulk_file_download_v5.4.4_pt_disclosure.pdf cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.