CVE-2024-0740 Eclipse Target Management <= 4.5.500 Command Injection

🗓️ 26 Apr 2024 09:36:12Reported by eclipseType

Eclipse Target Management Command Injection CVE-2024-0740

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The software for connecting to remote systems and working with them—Eclipse Target Management: Terminal and Remote System Explorer (RSE)—is vulnerable due to the lack of measures taken to eliminate special elements used in operating system commands. This vulnerability allows attackers to execute arbitrary code.	17 May 202400:00	–	bdu_fstec
CNNVD	Eclipse Target Management 命令注入漏洞	26 Apr 202400:00	–	cnnvd
CVE	CVE-2024-0740	26 Apr 202409:36	–	cve
EUVD	EUVD-2024-16529	26 Apr 202409:36	–	euvd
NVD	CVE-2024-0740	26 Apr 202410:15	–	nvd
OSV	CVE-2024-0740	26 Apr 202410:15	–	osv
Positive Technologies	PT-2024-3486 · Eclipse · Eclipse Target Management	19 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-0740	4 Feb 202523:10	–	redhatcve
Vulnrichment	CVE-2024-0740 Eclipse Target Management <= 4.5.500 Command Injection	26 Apr 202409:36	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Terminal and Remote System Explorer (RSE)"
    ],
    "packageName": "org.eclipse.tm",
    "product": "Eclipse Target Management",
    "repo": "https://git.eclipse.org/r/plugins/gitiles/tm/org.eclipse.tm/",
    "vendor": "Eclipse Foundation",
    "versions": [
      {
        "lessThanOrEqual": "4.5.500",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
git	www.git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145
gitlab	www.gitlab.eclipse.org/security/vulnerability-reports/-/issues/171

26 Apr 2024 09:36Current

10High risk

Vulners AI Score10

CVSS 3.19.8

EPSS0.09022

CWE-78