CVE-2020-24625: Path Traversal
First published: Wed Sep 23 2020(Updated: )
Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hpe Utility Computing Service Meter | =1.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-24625?
CVE-2020-24625 is a vulnerability in the ReceiverServlet class doGet() method in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9 that allows unauthenticated directory traversal and arbitrary file reads.
How severe is CVE-2020-24625?
CVE-2020-24625 has a severity score of 7.5 (high), indicating a significant threat.
Which software is affected by CVE-2020-24625?
HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9 is affected by CVE-2020-24625.
How can the vulnerability be exploited?
The vulnerability can be exploited by performing unauthenticated directory traversal and arbitrary file reads through the ReceiverServlet class doGet() method.
Is there a fix available for CVE-2020-24625?
To fix CVE-2020-24625, it is recommended to apply the necessary updates provided by HPE Utility Computing Service Meter.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/hpe
- canonical/hpe utility computing service meter
- version/hpe utility computing service meter/1.9