Vulnerabilities > CVE-2024-33880 - Unspecified vulnerability in Virtosoftware Sharepoint Bulk File Download 5.5.44

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

virtosoftware

NVD

Published: 2024-06-24

Updated: 2024-06-26

Summary

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive.

Vulnerable Configurations

Part	Description	Count
Application	Virtosoftware Virtosoftware Sharepoint Bulk File Download 5.5.44	1
Application	Microsoft Microsoft Sharepoint Server 2019	1

References

https://download.virtosoftware.com/Manuals/nu_ncsc_virto_one_bulk_file_download_v5.4.4_pt_disclosure.pdf
https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq&gt%3B