CVE-2024-2097

Name of the Vulnerable Software and Affected Versions SCM Server (affected versions not specified)

Description The issue allows an authenticated malicious client to send a special LINQ query to execute arbitrary code remotely on the SCM Server, which an attacker would not otherwise have authorization to do. This is achieved through the Authenticated List control client executing the LINQ query in the SCM Server to present events as a list for the operator.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.