CVE-2024-37779

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WoodWing Elvis DAM version 6.98.1

Description The issue is related to an authenticated remote command execution through the Apache Ant script functionality. This allows for the execution of commands on the affected system.

Recommendations For WoodWing Elvis DAM version 6.98.1, consider disabling the Apache Ant script functionality as a temporary workaround until a patch is available. Restrict access to the vulnerable functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-75

Related Identifiers

CVE-2024-37779

Affected Products

Apache Ant

Woodwing Elvis Dam

CVE-2024-37779

Weakness Enumeration

Related Identifiers

Affected Products

References · 6