Lucene search
+L

7 matches found

ibm
ibm
added 2025/04/01 11:17 a.m.31 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to systeminformation-5.22.11.tgz CVE-2024-56334

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to systeminformation-5.22.11.tgz CVE-2024-56334. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-56334 DESCRIPTION: systeminformation is a System and OS informati...

7.8CVSS7.7AI score0.00698EPSS
Exploits0Affected Software1
redhatcve
redhatcve
added 2024/12/25 4:0 p.m.13 views

CVE-2024-56334

A flaw was found in the systeminformation library for Node.js. In Windows systems, the SSID parameter of the getWindowsIEEE8021x function is not sanitized before it is passed to cmd.exe. This may allow a remote attacker to execute arbitrary commands on the target system. Mitigation Mitigation for...

8CVSS7.8AI score0.00698EPSS
Exploits0References5
nvd
nvd
added 2024/12/20 9:15 p.m.33 views

CVE-2024-56334

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

7.8CVSS0.00698EPSS
Exploits0References2
osv
osv
added 2024/12/20 8:10 p.m.11 views

CVE-2024-56334 Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

7.8CVSS8AI score0.00698EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/12/20 8:10 p.m.9 views

CVE-2024-56334 Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

7.8CVSS7.4AI score0.00698EPSS
Exploits0References2
cve
cve
added 2024/12/20 8:10 p.m.138 views

CVE-2024-56334

The CVE-2024-56334 issue affects the Node.js library systeminformation. Affected versions permit SSIDs to be passed unsafely to cmd.exe in getWindowsIEEE8021x, enabling potential remote code execution or local privilege escalation. The root cause is lack of sanitization of SSIDs before command ex...

7.8CVSS7.9AI score0.00698EPSS
Exploits0References2
circl
circl
added 2024/12/20 5:26 p.m.21 views

CVE-2024-56334

creationtimestamp| type| source ---|---|--- 2024-12-20 17:26:22+00:00| published-proof-of-concept| https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-cvv5-9h9w-qp2m 2024-12-20 20:20:19+00:00| seen| https://infosec.exchange/users/cve/statuses/113687004395004128 2024-12-20...

7.8CVSS7.2AI score0.00698EPSS
Exploits0References21
Rows per page
Query Builder