DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software
| Our reference | DIVD-2022-00052 |
| Case lead | Victor Pasman |
| Researcher(s) | |
| CVE(s) | |
| Product | Cloudflow from Hybrid Software |
| Versions | Cloudflow < 2.3.1 |
| Recommendation | Upgrade to 2.3.2 or above |
| Workaround | n/a |
| Status | Open |
| Last modified | 21 Feb 2023 16:18 |
Summary
By leveraging the vulnerabilities, an unauthenticated attacker with network access to Cloudflow can upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage and retrieve confidential information.
What you can do
We recommend to use the latest version of Cloudflow
What we are doing
- DIVD is currently ensuring that the owners of vulnerable systems are being notified. We do this by scanning for vulnerable hosts, verifying the vulnerability and notifying the owners of these systems. If you receive an email from us regarding this case, the vulnerability has been confirmed.
Timeline
| Date | Description |
|---|---|
| 21 Feb 2023 | DIVD released the CVE-2022-41216 and CVE-2022-41217 |
gantt
title DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
section Case
DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software (still open) :2023-02-21, 2023-04-03
section Events
DIVD released the CVE-2022-41216 and CVE-2022-41217 : milestone, 2023-02-21, 0d