本ページは fortra filecatalyst_direct に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-25155 | In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag. | df4dee71-de3a-4139-9588-11b62fe6c0ff | 7.2 | 0.39% | 2024-03-13 | 2026-06-17 |
| CVE-2024-25154 | Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage. | df4dee71-de3a-4139-9588-11b62fe6c0ff | 5.3 | 0.46% | 2024-03-13 | 2026-06-17 |