Lucene search

[email protected]CVE-2024-5683

HistoryJun 24, 2024 - 9:15 a.m.

CVE-2024-5683

2024-06-2409:15:10

CWE-94

[email protected]

web.nvd.nist.gov

code injection

next4biz crm

bpm software

remote code inclusion

business process management

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.0%

JSON

Improper Control of Generation of Code (‘Code Injection’) vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Business Process Manangement (BPM)",
    "vendor": "Next4Biz CRM & BPM Software",
    "versions": [
      {
        "lessThan": "6.6.4.5",
        "status": "affected",
        "version": "6.6.4.4",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-24-0739

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.0%

JSON

Related for CVE-2024-5683

nvd1 cvelist1