Cyber Posture

CVE-2024-55457

Medium

Published: 20 February 2025

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
EPSS Score: 0.8041 (99.1th percentile)
Risk Priority: 61 (60% EPSS · 20% KEV · 20% CVSS)

Description

MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially exposing sensitive information.

Security Summary

MasterSAM Star Gate 11 is affected by CVE-2024-55457, a directory traversal vulnerability (CWE-22) in the /adama/adama/downloadService endpoint. Published on 2025-02-20, this issue has a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). An attacker can exploit it by manipulating the file parameter in requests to the service, enabling access to arbitrary files on the server and potentially exposing sensitive information.

Remote attackers require no authentication or privileges (PR:N) and can exploit this over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation has a limited confidentiality impact (C:L), such as reading sensitive files, and a limited integrity impact (I:L), with no availability impact (A:N).

A proof-of-concept exploit is available at https://github.com/h13nh04ng/CVE-2024-55457-PoC. No vendor advisories or patches are detailed in available references.

Details

CWE(s)
CWE-22
