Lucene search

EclipseVULNRICHMENT:CVE-2024-0740

HistoryApr 26, 2024 - 9:36 a.m.

CVE-2024-0740 Eclipse Target Management <= 4.5.500 Command Injection

2024-04-2609:36:12

CWE-78

eclipse

github.com

eclipse

target management

command injection

vulnerability

remote code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication.

The fixed version is included in Eclipse IDE 2024-03

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:eclipse:eclipse_ide:*:*:*:*:*:*:*:*"
    ],
    "vendor": "eclipse",
    "product": "eclipse_ide",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145

gitlab.eclipse.org/security/vulnerability-reports/-/issues/171

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-0740