Lucene search

TR-CERTCVELIST:CVE-2024-5683

HistoryJun 24, 2024 - 8:54 a.m.

CVE-2024-5683 Remote Code Execution in Next4Biz's BPM

2024-06-2408:54:32

CWE-94

TR-CERT

www.cve.org

cve-2024-5683

remote code execution

next4biz

bpm

code injection

vulnerability

crm

software

business process management

version 6.6.4.4

version 6.6.4.5

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.9%

JSON

Improper Control of Generation of Code (‘Code Injection’) vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Business Process Manangement (BPM)",
    "vendor": "Next4Biz CRM & BPM Software",
    "versions": [
      {
        "lessThan": "6.6.4.5",
        "status": "affected",
        "version": "6.6.4.4",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-24-0739

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.9%

JSON

Related for CVELIST:CVE-2024-5683