7.5

CVE-2024-29838

Unsanitised variable on DAL_ADD in Evolution Controller causes application level denial of service and crash

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not properly sanitize user input, allowing an unauthenticated attacker to crash the controller software.
Data provided by the National Vulnerability Database (NVD)
Cs-technologies Evolution Version <= 2.04.560
No warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.54% | 0.41 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| 430a6cef-dc26-47e3-9fa8-52fb7f19644e | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-457 Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html
Third Party Advisory