CVE-2024-8510: N-central Path Traversal
5.3
CVSS
Description
N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed.
This vulnerability is present in all deployments of N-central prior to N-central 2024.6.
Classification
CVE ID: CVE-2024-8510
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Problem Types
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path TraversalAffected Products
Vendor: N-able
Product: N-central
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 15.62% (scored less or equal to compared to others)
EPSS Date: 2025-04-15 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2024-8510https://documentation.n-able.com/N-central/Release_Notes/GA/Content/N-central_2024.6_Release_Notes.htm
https://me.n-able.com/s/security-advisory/aArVy0000000XgjKAE/cve20248510-ncentral-path-traversal