Lucene search

[email protected]NVD:CVE-2024-36427

HistoryMay 29, 2024 - 4:15 p.m.

CVE-2024-36427

2024-05-2916:15:11

CWE-22

CWE-918

[email protected]

web.nvd.nist.gov

targit decision suite

file-serving function

authenticated attackers

crafted file request

code execution

.xview file

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

Low

JSON

The file-serving function in TARGIT Decision Suite 23.2.15007 allows authenticated attackers to read or write to server files via a crafted file request. This can allow code execution via a .xview file.

References

github.com/DMCERTCE/DecisionSuite_Path_Traversal_SSRF

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

Low

JSON

Related for NVD:CVE-2024-36427

vulnrichment1 cvelist1 cve1