PT-2024-28752 · Perforce · Helix Alm
Published
2024-06-28
·
Updated
2024-07-01
·
CVE-2024-3995
CVSS v4.0
2.0
Low
| Vector | AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Helix ALM versions prior to 2024.2.0
Description
A local command injection issue was identified. The issue was reported by Bryan Riggins.
Recommendations
For Helix ALM versions prior to 2024.2.0, update to version 2024.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive commands and functionality to minimize the risk of exploitation.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Helix Alm