CVE-2024-38432

July 30, 2024, 1:32 p.m.

5.5
Medium

Description

Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File

Product(s) Impacted

Product Versions
UNKNOWN

Weaknesses

CWE-646
Reliance on File Name or Extension of Externally-Supplied File
The product allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.

References

https://www.gov.il/en/Departments/faq/cve_advisories

Tags

cna@cyber.gov.il
2024-07-30
CVE-2024-38432
CWE-646

CVSS Score

5.5 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: HIGH
  • Scope: CHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: LOW
    • View Vector String

    CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Date

  • Published: July 30, 2024, 9:15 a.m.
  • Last Modified: July 30, 2024, 1:32 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@cyber.gov.il

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.