Lucene search

TR-CERTVULNRICHMENT:CVE-2024-5683

HistoryJun 24, 2024 - 8:54 a.m.

CVE-2024-5683 Remote Code Execution in Next4Biz's BPM

2024-06-2408:54:32

CWE-94

TR-CERT

github.com

next4biz

bpm

remote code execution

cve-2024-5683

code injection

crm

software

business process management.

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Improper Control of Generation of Code (‘Code Injection’) vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:next4biz_crm_and_bpm_software:business_process_manangement:6.6.4.4:*:*:*:*:*:*:*"
    ],
    "vendor": "next4biz_crm_and_bpm_software",
    "product": "business_process_manangement",
    "versions": [
      {
        "status": "affected",
        "version": "6.6.4.4",
        "lessThan": "6.6.4.5",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.usom.gov.tr/bildirim/tr-24-0739

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-5683