Lucene search

K
cveA6d3dc9e-0591-4a13-bce7-0f5b31ff6158CVE-2024-26289
HistoryMay 27, 2024 - 7:15 a.m.

CVE-2024-26289

2024-05-2707:15:08
CWE-502
a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
web.nvd.nist.gov
28
deserialization
untrusted data
pmb services
remote code inclusion
vulnerability
cve-2024-26289
nvd
version 7.5.1
version 7.5.6-2
version 7.4.1
version 7.4.9
version 7.3.1
version 7.3.18

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "PMB",
    "vendor": "PMB Services",
    "versions": [
      {
        "lessThan": "7.5.6-2",
        "status": "affected",
        "version": "7.5.1",
        "versionType": "semver"
      },
      {
        "lessThan": "7.4.9",
        "status": "affected",
        "version": "7.4.1",
        "versionType": "semver"
      },
      {
        "lessThan": "7.3.18",
        "status": "affected",
        "version": "7.3.1",
        "versionType": "semver"
      }
    ]
  }
]

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVE-2024-26289