The issue, tracked as CVE-2024-48248 (CVSS score of 8.6), is a high-severity bug that could allow attackers to execute arbitrary code remotely within enterprise environments, a NIST advisory reads.
“This vulnerability allows attackers to read arbitrary files on the affected system without authentication. Exploiting this vulnerability could expose sensitive data, including configuration files, backups, and credentials, potentially leading to data breaches or further security compromises,” Nakivo notes in its advisory.
https://www.securityweek.com/cisa-warns ... erability/