Update CVE-2024-6049.yaml

http/cves/2024/CVE-2024-6049.yaml

@@ -7,25 +7,22 @@ info:
   description: |
     The web server of Lawo AG vsm LTC Time Sync (vTimeSync) is affected by a "..." (triple dot) path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only possible if the requested file has some file extension, e. g. .exe or .txt.
   reference:
-    - https://seclists.org/fulldisclosure/2024/Oct/7
-    - https://sec-consult.com/vulnerability-lab/advisory/unauthenticated-path-traversal-vulnerability-in-lawo-ag-vsm-ltc-time-sync-vtimesync/
+    - https://lawo.com/lawo-downloads/
+    - https://r.sec-consult.com/lawo
     - https://packetstormsecurity.com/files/182347/Lawo-AG-vsm-LTC-Time-Sync-Path-Traversal.html
-    - https://ogma.in/cve-2024-6049-addressing-path-traversal-vulnerability-in-lawo-s-vsm-ltc-time-sync
-    - https://www.tenable.com/cve/CVE-2024-6049
-    - https://docs.lawo.com/vsm-ip-broadcast-control-system/vsmgear-user-manual/discontinued-products/vsmltc
+    - https://sec-consult.com/vulnerability-lab/advisory/unauthenticated-path-traversal-vulnerability-in-lawo-ag-vsm-ltc-time-sync-vtimesync/
+    - https://nvd.nist.gov/vuln/detail/cve-2024-6049
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cve-id: CVE-2024-6049
     cwe-id: CWE-32
     epss-score: 0.00043
-    epss-percentile: 0.09778
+    epss-percentile: 0.09833
   metadata:
     verified: true
     max-request: 2
-    vendor: Lawo AG
-    product: vTimeSync
-  tags: cve,cve2024,lawo,lfi
+  tags: cve,cve2024,lawo,lfi,seclists,packetstorm
 
 flow: http(1) && http(2)