Home > Vulnerability Database > CVE-2024-54449

Mend.io Vulnerability Database

CVE-2024-54449

Date: March 14, 2025

The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with ‘read’ and ‘write’ privileges on at least one existing document in the application is required to exploit the vulnerability. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC.

Severity Score

8.8

Related Resources (3)

Url: https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-54449

Url: https://www.mend.io/vulnerability-database/CVE-2024-54449

Severity Score

8.8

Weakness Type (CWE)

Relative Path Traversal

CWE-23

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-54449

Date: March 14, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?