
CVE-2024-7564: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Logsign Unified SecOps Platform

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2024-7564, cwe-22
Published: Tue Aug 06 2024 (08/06/2024, 15:47:49 UTC)
Source: CVE Database V5
Vendor/Project: Logsign
Product: Unified SecOps Platform

Description

CVE-2024-7564 is a medium-severity path traversal vulnerability in Logsign Unified SecOps Platform version 6.4.11. It allows authenticated remote attackers to read arbitrary files with root privileges via the get_response_json_result endpoint due to improper validation of user-supplied paths. Exploitation does not require user interaction but does require valid authentication. The vulnerability can lead to sensitive information disclosure but does not affect integrity or availability. No known public exploits exist yet. Organizations using this platform should prioritize patching or applying mitigations to prevent unauthorized file access. The risk is higher in environments where attackers can gain valid credentials. Countries with significant Logsign deployments and critical infrastructure using this platform are most at risk.

AI-Powered Analysis

Last updated: 02/26/2026, 03:43:03 UTC

Technical Analysis

CVE-2024-7564 is a directory traversal vulnerability classified under CWE-22 affecting Logsign Unified SecOps Platform version 6.4.11. The flaw exists in the get_response_json_result endpoint, where the application fails to properly validate and sanitize user-supplied path inputs before performing file operations. This improper limitation allows an authenticated attacker to traverse directories and access files outside the intended restricted directory, potentially disclosing sensitive information with root-level privileges. The vulnerability requires authentication but no user interaction, making it exploitable remotely by any user with valid credentials. The CVSS v3.0 base score is 4.3, reflecting low complexity and limited impact confined to confidentiality. No integrity or availability impacts are reported. The vulnerability was assigned and published by the Zero Day Initiative (ZDI) as ZDI-CAN-24680 on August 6, 2024. No patches or public exploits are currently available, but the risk of sensitive data leakage is significant in environments where attackers can authenticate. This vulnerability highlights the importance of strict input validation and access control in security platforms managing sensitive operational data.

Potential Impact

The primary impact of CVE-2024-7564 is unauthorized disclosure of sensitive information stored on systems running Logsign Unified SecOps Platform 6.4.11. Since the vulnerability allows reading files with root privileges, attackers could access configuration files, logs, credentials, or other critical data, potentially facilitating further attacks or espionage. The requirement for authentication limits exploitation to insiders or attackers who have compromised credentials, reducing the attack surface but not eliminating risk. Organizations relying on this platform for security operations could face confidentiality breaches, undermining trust and compliance with data protection regulations. Although integrity and availability are not directly affected, the exposure of sensitive data could lead to indirect impacts such as targeted attacks, data leaks, or reputational damage. The absence of known exploits currently reduces immediate risk, but the vulnerability remains a significant concern for environments with high-value data and privileged users.

Mitigation Recommendations

To mitigate CVE-2024-7564, organizations should first verify if they are running Logsign Unified SecOps Platform version 6.4.11 and restrict access to the get_response_json_result endpoint to trusted users only. Since no official patch is currently available, administrators should implement strict access controls and monitor authentication logs for suspicious activity. Employ network segmentation and firewall rules to limit platform access to essential personnel and systems. Additionally, conduct regular credential audits and enforce strong authentication mechanisms to reduce the risk of compromised accounts. Implement application-layer input validation proxies or web application firewalls (WAFs) that can detect and block path traversal attempts targeting this endpoint. Finally, maintain close communication with the vendor for timely patch releases and apply updates promptly once available. Conduct thorough security assessments and penetration testing to identify any exploitation attempts or related vulnerabilities.
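The log monitoring and traversal detection recommended above can be run over reverse-proxy access logs. This added example (not code from the original page or from Logsign) flags requests to get_response_json_result whose query string contains a `..` segment after repeated percent-decoding and reports the authenticated user. The log layout, the `/api/` prefix, the `file` parameter and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

ENDPOINT = "get_response_json_result"  # endpoint named in the advisory
# Common/combined access-log layout (an assumption about the proxy in front).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# A ".." segment bounded by '/', '\', '=', '&' or the start/end of the query.
DOTDOT_RE = re.compile(r'(?:^|[=&/\\])\.\.(?:[/\\&]|$)')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_in(target):
    """Return the decoded query if target hits ENDPOINT with a '..' segment."""
    parts = urlsplit(target)
    if ENDPOINT not in parts.path:
        return None
    query = fully_decode(parts.query)
    return query if DOTDOT_RE.search(query) else None

def scan(lines):
    """Return (line_no, user, status, decoded_query) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        m = LOG_RE.match(line)
        decoded = traversal_in(m.group("target")) if m else None
        if decoded is not None:
            hits.append((number, m.group("user"), int(m.group("status")), decoded))
    return hits

# Constructed sample lines; URL prefix, parameter and file names are hypothetical.
SAMPLE_LOG = [
    '198.51.100.7 - analyst [06/Aug/2024:16:01:02 +0000] "GET /api/get_response_json_result?file=report_17.json HTTP/1.1" 200 512',
    '198.51.100.7 - analyst [06/Aug/2024:16:01:09 +0000] "GET /api/get_response_json_result?file=..%2F..%2Fplaceholder.txt HTTP/1.1" 200 2048',
    '198.51.100.7 - analyst [06/Aug/2024:16:01:15 +0000] "GET /api/get_response_json_result?file=%252e%252e%252fplaceholder.txt HTTP/1.1" 403 0',
    '203.0.113.4 - admin [06/Aug/2024:16:02:00 +0000] "GET /api/dashboard?view=../summary HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Parameters sent in a request body do not appear in access logs, so requests of that kind need the same check applied at the proxy or WAF.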


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2024-08-06T15:47:33.796Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 699f6c1ab7ef31ef0b55fef3

Added to database: 2/25/2026, 9:39:38 PM

Last enriched: 2/26/2026, 3:43:03 AM

Last updated: 2/26/2026, 8:06:00 AM
