DIVD-2022-00052 - Multiple vulnerabilities in Cloudflow software
| Case lead | Victor Pasman |
| Product | Cloudflow from Hybrid Software |
| Versions | Cloudflow < 2.3.1 |
| Recommendation | Upgrade to 2.3.2 or above |
| Last modified | 21 Feb 2023 16:18 |
By leveraging the vulnerabilities, an unauthenticated attacker with network access to Cloudflow can upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage and retrieve confidential information.
What you can do
We recommend using the latest version of Cloudflow.
What we are doing
- DIVD is currently ensuring that the owners of vulnerable systems are being notified. We do this by scanning for vulnerable hosts, verifying the vulnerability and notifying the owners of these systems. If you receive an email from us regarding this case, the vulnerability has been confirmed.
| 21 Feb 2023 | DIVD released CVE-2022-41216 and CVE-2022-41217 |