CVE-2024-25413

Name of the Vulnerable Software and Affected Versions FireBear Improved Import And Export version 3.8.6

Description A XSLT Server Side injection vulnerability in the Import Jobs function allows attackers to execute arbitrary commands via a crafted XSLT file. The vulnerability can be exploited by manipulating an XSLT file used by the Import Jobs function. There is no information provided about whether this vulnerability has a public exploit or if it has been exploited by attackers. No information is available about the number of Internet users that can be affected by the exploitation of this vulnerability.

Recommendations For FireBear Improved Import And Export version 3.8.6, as a temporary workaround, consider restricting the use of the Import Jobs function until a patch is available. Avoid using crafted XSLT files in the Import Jobs function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.