PT-2024-25119 · Unknown · Crmeb Java

Published: 2024-05-06 · Updated: 2025-06-11 · CVE-2024-33117

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: crmeb java version 1.3.4

Description: The issue is related to a Server-Side Request Forgery (SSRF) in the mergeList method of the ImageMergeController class. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations: For crmeb java version 1.3.4, consider disabling the mergeList method in the ImageMergeController class as a temporary workaround until a patch is available. Restrict access to the ImageMergeController class to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2024-33117

Affected Products: Crmeb Java