exploitDog

CVE-2024-56086

Опубликовано: 16 дек. 2024

Источник: nvd

CVSS3: 7.1

EPSS Низкий

Описание

An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.

Ссылки

https://servicedesk.logpoint.com/hc/en-us/articles/22136886421277-Remote-Code-Execution-while-creating-Report-Templates
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*

Версия до 7.5.0 (исключая)

EPSS

Процентиль: 83%

0.01967

Низкий

7.1 High

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-cgf3-4cm8-wh3p

CVSS3: 7.1

github

около 1 года назад

An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.

EPSS

Процентиль: 83%

0.01967

Низкий

7.1 High

CVSS3

Дефекты

CWE-77