8
CVE-2024-43690
- EPSS 3.09%
- Veröffentlicht 11.09.2024 05:15:02
- Zuletzt bearbeitet 11.09.2024 16:26:11
- Quelle disclosures@gallagher.com
- CVE-Watchlists
- Unerledigt
Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), all versions of 8.70 and prior.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellergallagher
≫
Produkt
command_centre
Default Statusunknown
Version <=
8.70
Version
0
Status
affected
Version <=
9.10.1530(mr2)
Version
9.10
Status
affected
Version <=
9.00.2168(mr4)
Version
9.00
Status
affected
Version <=
8.90.2155(mr5)
Version
8.90
Status
affected
Version <=
8.80.1938(mr6)
Version
8.80
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.09% | 0.864 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosures@gallagher.com | 8 | 1.3 | 6 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-829 Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.