PT-2024-26994 · Targit · Targit Decision Suite

Published: 2024-05-29 · Updated: 2024-09-27 · CVE-2024-36427

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: TARGIT Decision Suite versions prior to 24.06.19002

Description: The issue allows authenticated attackers to read or write to server files via a crafted file request, potentially enabling code execution via a .xview file.

Recommendations: For versions prior to 24.06.19002, update to version 24.06.19002 or later to resolve the issue. As a temporary workaround, consider restricting access to the file-serving function to minimize the risk of exploitation. Avoid using crafted file requests in the affected function until the issue is resolved.

Fix

Path traversal

SSRF

Weakness Enumeration

Related Identifiers: CVE-2024-36427

Affected Products: Targit Decision Suite