CVE-2024-8655: Mercury MNVR816 web-static file access
First published: Tue Sep 10 2024(Updated: )
A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mercury Mail Server | <=2.0.1.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-8655?
CVE-2024-8655 has been classified as problematic due to its potential to expose files or directories.
How do I fix CVE-2024-8655?
To fix CVE-2024-8655, users should upgrade their Mercury MNVR816 devices to a version beyond 2.0.1.0.5.
What file is affected by CVE-2024-8655?
CVE-2024-8655 affects an unknown part of the file located at /web-static/.
Can CVE-2024-8655 be exploited remotely?
Yes, CVE-2024-8655 can be exploited remotely, allowing attackers to access sensitive files or directories.
Which versions of Mercury MNVR816 are vulnerable to CVE-2024-8655?
Versions of Mercury MNVR816 up to and including 2.0.1.0.5 are vulnerable to CVE-2024-8655.
- agent/references
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mercury
- canonical/mercury mail server