Security Advisories
This page is a central location for all security advisories related to StoneFly products. Here, you’ll find information about known vulnerabilities, their potential impact, and how to mitigate them.
We understand the importance of keeping your StoneFly systems secure. We encourage you to visit this page regularly to stay informed about the latest security threats and ensure you have the necessary updates installed to protect your data.
If you have any questions or concerns about a specific security advisory, please don’t hesitate to contact StoneFly support.
StoneFly SCVM Vulnerability CVE-2024-31947: Directory Traversal by Authenticated Users
StoneFly Storage Concentrator (SC and SCVM) versions before 8.0.4.26 contain a directory traversal vulnerability in the Online Help function. An authenticated user could exploit it to bypass directory restrictions and access files they are not authorized to access. Those files might contain sensitive system information.
StoneFly SCVM Vulnerability CVE-2024-30213: Improper Neutralization of Special Elements used in a Command
StoneFly is aware of a command injection vulnerability (CWE-77) in Storage Concentrator Virtual Machine (SCVM) versions 8.0.4.25 and earlier.