CVE-2024-13971

Exploit

EPSS 0.47%
Veröffentlicht 30.04.2026 12:11:46
Zuletzt bearbeitet 17.05.2026 23:17:01
Quelle 23637b5d-af4c-4cf9-b8f6-deb7fd
CVE-Watchlists
Login
Unerledigt
Login

Arbitrary File Read and Server Side Request Forgery via XML External Entities in Lobster_pro

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lobster-world ≫ Lobster Pro Version < 4.12.6-ga

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.47%	0.369

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
23637b5d-af4c-4cf9-b8f6-deb7fd0f8423	7.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:C/RE:X/U:X

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://www.schutzwerk.com/en/blog/schutzwerk-sa-2024-005/

Third Party Advisory

Exploit

http://seclists.org/fulldisclosure/2026/May/1

https://nvd.nist.gov/vuln/detail/CVE-2024-13971

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-13971

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-13971

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-13971