DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software
| Our reference | DIVD-2022-00052 |
| Case lead | Victor Pasman |
| Researcher(s) | |
| CVE(s) | |
| Product | Cloudflow from Hybrid Software |
| Versions | Cloudflow < 2.3.1 |
| Recommendation | Upgrade to 2.3.2 or above |
| Workaround | n/a |
| Status | Closed |
| Last modified | 22 Jul 2024 10:53 |
Summary
By leveraging the vulnerabilities, an unauthenticated attacker with network access to Cloudflow can upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage and retrieve confidential information.
What you can do
We recommend to use the latest version of Cloudflow
What we are doing
- DIVD is currently ensuring that the owners of vulnerable systems are being notified. We do this by scanning for vulnerable hosts, verifying the vulnerability and notifying the owners of these systems. If you receive an email from us regarding this case, the vulnerability has been confirmed.
Timeline
| Date | Description |
|---|---|
| 21 Feb 2023 | DIVD released the CVE-2022-41216 and CVE-2022-41217 |
| 22 Jul 2024 | Case closed, due to inactivity. |
gantt
title DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
section Case
DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software (516 days) :2023-02-21, 2024-07-21
section Events
DIVD released the CVE-2022-41216 and CVE-2022-41217 : milestone, 2023-02-21, 0d
Case closed, due to inactivity. : milestone, 2024-07-22, 0d