Skip to the content.

DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software

Our reference DIVD-2022-00052
Case lead Victor Pasman
Researcher(s)
CVE(s)
Product Cloudflow from Hybrid Software
Versions Cloudflow < 2.3.1
Recommendation Upgrade to 2.3.2 or above
Workaround n/a
Status Open
Last modified 21 Feb 2023 16:18

Summary

By leveraging the vulnerabilities, an unauthenticated attacker with network access to Cloudflow can upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage and retrieve confidential information.

What you can do

We recommend to use the latest version of Cloudflow

What we are doing

Timeline

Date Description
21 Feb 2023 DIVD released the CVE-2022-41216 and CVE-2022-41217
gantt title DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software (still open) :2023-02-21, 2024-03-04 section Events DIVD released the CVE-2022-41216 and CVE-2022-41217 : milestone, 2023-02-21, 0d

More information