Freeflow Core
CVE-2024-47556
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Pre-Auth RCE via Path Traversal
AnalysisAI
Pre-Auth RCE via Path Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Affected products include: Xerox Freeflow Core.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Freeflow Core
View allPath traversal vulnerability in Xerox FreeFlow Core allows attackers to access files outside restricted directories, pot
Pre-Auth RCE via Path Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no auth
Authenticated RCE via Path Traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low at
Authenticated RCE via Path Traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low at
Xerox FreeFlow Core versions through 8.0.7 contain an XML External Entity (XXE) vulnerability that allows unauthenticate
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized file
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. Rated high s
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today