exploitDog

CVE-2024-11220

Опубликовано: 06 дек. 2024

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.

Ссылки

https://openautomationsoftware.com/downloads/
Product
https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-03
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openautomationsoftware:open_automation_software:*:*:*:*:*:*:*:*

Версия до 20.0.0.76 (исключая)

EPSS

Процентиль: 25%

0.00086

Низкий

7.8 High

CVSS3

Дефекты

CWE-279

CWE-732

Связанные уязвимости

GHSA-qv8f-7m6r-v8hp

CVSS3: 7.8

github

около 1 года назад

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.

EPSS

Процентиль: 25%

0.00086

Низкий

7.8 High

CVSS3

Дефекты

CWE-279

CWE-732