CVE-2024-36427

1976-01-0100:00:00

mitre

github.com

AI Score

7.1

Confidence

Low

SSVC

Exploitation

poc

Automatable

Technical Impact

total

JSON

The file-serving function in TARGIT Decision Suite 23.2.15007 allows authenticated attackers to read or write to server files via a crafted file request. This can allow code execution via a .xview file.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:targit:decision_suite:23.2.15007:*:*:*:*:*:*:*"
    ],
    "vendor": "targit",
    "product": "decision_suite",
    "versions": [
      {
        "status": "affected",
        "version": "23.2.15007"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

github.com/DMCERTCE/DecisionSuite_Path_Traversal_SSRF