exploitDog

CVE-2024-21870

Опубликовано: 03 апр. 2024

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1950
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1950
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1950

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openautomationsoftware:open_automation_software:19.0.0.57:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00146

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-73

NVD-CWE-Other

Связанные уязвимости

GHSA-w4xh-qvw9-wq8w

CVSS3: 4.9

github

почти 2 года назад

A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.

EPSS

Процентиль: 36%

0.00146

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-73

NVD-CWE-Other