CVE-2024-27115

EPSS 80.37%
Veröffentlicht 11.09.2024 14:15:13
Zuletzt bearbeitet 18.09.2024 20:32:26
Quelle csirt@divd.nl
CVE-Watchlists
Login
Unerledigt
Login

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Soplanning ≫ Soplanning Version < 1.52.02

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	80.37%	0.991

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
csirt@divd.nl	10	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:I/V:C/RE:M/U:Red

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://csirt.divd.nl/CVE-2024-27115

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2024-27115

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27115

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27115

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-27115