CVE-2024-11662

Name of the Vulnerable Software and Affected Versions welliamcao OpsManage versions 3.0.1 through 3.0.5

Description A critical issue affects the deploy host vars function of the /apps/api/views/deploy api.py file in the API Endpoint component. This issue leads to deserialization and can be initiated remotely. The exploit has been publicly disclosed.

Recommendations For welliamcao OpsManage versions 3.0.1 through 3.0.5, consider disabling the deploy host vars function as a temporary workaround until a patch is available. Restrict access to the /apps/api/views/deploy api.py file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.