Reconnecting to live updates…

CVE-2024-38878: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Siemens Omnivise T3000 Application Server R9.2

High

VulnerabilityCVE-2024-38878cve cve-2024-38878 cwe-22

Published: Fri Aug 02 2024 (08/02/2024, 10:36:19 UTC)

Source: CVE Database V5

Vendor/Project: Siemens

Product: Omnivise T3000 Application Server R9.2

Description

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.

Technical Details

Data Version: 5.2
Assigner Short Name: siemens
Date Reserved: 2024-06-21T08:28:10.678Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 690929aafe7723195e0fd664

Added to database: 11/3/2025, 10:16:10 PM

Last updated: 11/3/2025, 10:19:57 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2024-4032: Vulnerability in Python Software Foundation CPython

High

VulnerabilityMon Nov 03 2025

CVE-2024-40867: A remote attacker may be able to break out of Web Content sandbox in Apple iOS and iPadOS

High

VulnerabilityMon Nov 03 2025

CVE-2024-40866: Visiting a malicious website may lead to address bar spoofing in Apple macOS

Medium

VulnerabilityMon Nov 03 2025

CVE-2024-40855: A sandboxed app may be able to access sensitive user data in Apple macOS

Medium

VulnerabilityMon Nov 03 2025

CVE-2024-40851: An attacker with physical access may be able to access contact photos from the lock screen in Apple iOS and iPadOS

Low

VulnerabilityMon Nov 03 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Reference 2 Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

CVE-2024-38878: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Siemens Omnivise T3000 Application Server R9.2

CVE-2024-38878: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Siemens Omnivise T3000 Application Server R9.2

Description

Technical Details

Community Reviews

Related Threats

CVE-2024-4032: Vulnerability in Python Software Foundation CPython

CVE-2024-40867: A remote attacker may be able to break out of Web Content sandbox in Apple iOS and iPadOS

CVE-2024-40866: Visiting a malicious website may lead to address bar spoofing in Apple macOS

CVE-2024-40855: A sandboxed app may be able to access sensitive user data in Apple macOS

CVE-2024-40851: An attacker with physical access may be able to access contact photos from the lock screen in Apple iOS and iPadOS

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility