Lucene search
HistoryJun 10, 2024 - 3:15 p.m.
CVE-2024-35307
cve-2024-35307
pandora fms
unauthenticated attackers
arbitrary code execution
server vulnerability
9.4 High
CVSS4
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Amber/R:U/RE:L
8.4 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension,Β allowing unauthenticated attackers to execute arbitrary code on the server.Β This issue affects Pandora FMS: from 700 through <777.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
]
9.4 High
CVSS4
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Amber/R:U/RE:L
8.4 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for CVE-2024-35307