PT-2024-17286 · Plextrac · Plextrac
Ianis Bernard
·
Published
2024-12-13
·
Updated
2024-12-13
·
CVE-2024-11839
CVSS v4.0
8.6
High
| Vector | AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/U:Red |
Name of the Vulnerable Software and Affected Versions
PlexTrac versions 1.61.3 through 2.8.1
Description
The issue is related to the deserialization of untrusted data in PlexTrac, specifically in the Runbooks modules, allowing object injection and arbitrary file writes. This enables attackers to perform malicious actions.
Recommendations
For versions 1.61.3 through 2.8.1, update to version 2.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Runbooks modules to minimize the risk of exploitation. Avoid using the affected modules until the issue is resolved.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Plextrac