
CVE-2024-37372

Low
CVSS Score
Published: Jan 09, 2025
Last Modified: May 02, 2025

Vulnerability Description

The Permission Model assumes that any path starting with two backslashes (\\) has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.

Available Security Patches

1 patch available from vendors

Oracle

CPUJAN2025

Oracle Critical Patch Update Advisory - January 2025

Severity
Critical
Released
Jan 21, 2025
Restart Required
Security Update

Severity Details

out of 10.0
Low

Weakness Type (CWE)

CWE-22 Top 25 #6

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can…
Exploit Likelihood
High
Typical Severity
High
OWASP Top 10
A01:2021-Broken Access Control
Abstraction Level
Base

Key Information

Published Date
January 09, 2025