exploitDog

CVE-2024-27201

Опубликовано: 03 апр. 2024

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1949
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1949
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1949

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openautomationsoftware:open_automation_software:19.0.0.57:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00151

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-20

Связанные уязвимости

GHSA-6rc6-fqrr-7x25

CVSS3: 4.9

github

почти 2 года назад

An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.

EPSS

Процентиль: 36%

0.00151

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-20