CVE-2024-26293
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-07-15
Assigner: ENISA
Description
Description
The Avid Nexis Agent uses a vulnerable gSOAP
version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability.
This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| soap | gsoap | 2.8 |
| avid | nexis_agent | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Unauthenticated Path Traversal issue in the Avid Nexis Agent due to a flaw in the gSOAP version 2.8 it uses. It allows an attacker to access files or directories outside the intended scope without authentication, potentially exposing sensitive data or system files.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to access unauthorized files or directories on affected Avid NEXIS systems without needing to authenticate. This could lead to exposure of sensitive information, system compromise, or disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70