Lucene search

TR-CERTVULNRICHMENT:CVE-2024-6917

HistoryAug 12, 2024 - 2:51 p.m.

CVE-2024-6917 RCE in Veribilim Software's Veribase Order Management

2024-08-1214:51:48

CWE-78

TR-CERT

github.com

cve-2024-6917

rce

veribilim software

veribase order management

os command injection

vulnerability

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

39.0%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue affects Veribase Order Management: before v4.010.2.

CNA Affected

[
  {
    "vendor": "Veribilim Software",
    "product": "Veribase Order Management",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "v4.010.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:veribase:veribase_order_management:*:*:*:*:*:*:*:*"
    ],
    "vendor": "veribase",
    "product": "veribase_order_management",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.010.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.usom.gov.tr/bildirim/tr-24-1105

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

39.0%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-6917