PT-2024-28900 · Unknown · Pantera Crm

Published

2024-08-05

·

Updated

2025-03-24

·

CVE-2024-40530

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Pantera CRM versions 401.152 through 402.072

Description

The issue allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header, potentially enabling them to execute arbitrary code.

Recommendations

For versions 401.152 and 402.072, consider restricting access to the X-Forwarded-For header component until a patch is available. As a temporary workaround, disable the modification of the X-Forwarded-For header to minimize the risk of exploitation.
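The bypass described above works when an application takes the client address from X-Forwarded-For without first checking who sent the header. The following Python is an added defensive illustration, not code from the advisory or from Pantera CRM: `naive_client_ip` shows the header-trusting pattern that an IP allowlist must not rely on, and `resolve_client_ip` shows the usual remedy of honouring the header only when the TCP peer is a known reverse proxy and then walking the chain from the right past trusted hops. All addresses, the allowlist and the proxy list are constructed sample values.

```python
"""Trusted-proxy-aware client IP resolution for IP-based access control.

Added example, not part of the advisory or of the affected product. The
addresses below are constructed for illustration (RFC 5737 / RFC 1918 ranges).
"""
import ipaddress
from typing import Iterable, Optional


def _parse(ip: str):
    """Parse a single address; return None for anything malformed."""
    try:
        return ipaddress.ip_address(ip.strip())
    except ValueError:
        return None


def naive_client_ip(remote_addr: str, xff_header: Optional[str]) -> str:
    """The pattern to avoid: trust the leftmost X-Forwarded-For entry from anyone.

    A caller that reaches the application directly can put any value here and
    be evaluated against the allowlist as that address.
    """
    if xff_header and xff_header.strip():
        return xff_header.split(",")[0].strip()
    return remote_addr


def resolve_client_ip(remote_addr: str, xff_header: Optional[str],
                      trusted_proxies: Iterable[str]) -> str:
    """Return the address an IP-based access check should use.

    The header is only consulted when the direct peer is a trusted proxy.
    The chain is then walked from the right (nearest hop) to the left, skipping
    hops that are themselves trusted proxies; the first untrusted hop is the
    client. Entries to the left of that hop are attacker-controllable and are
    never looked at. A malformed hop, or a chain made only of trusted proxies,
    falls back to the peer address, which is the conservative choice.
    """
    trusted = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def is_trusted(addr) -> bool:
        return any(addr in net for net in trusted)

    peer = _parse(remote_addr)
    if peer is None or not is_trusted(peer):
        # Direct connection from something that is not our proxy: ignore the header.
        return remote_addr

    hops = [h for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        addr = _parse(hop)
        if addr is None:
            return remote_addr
        if not is_trusted(addr):
            return str(addr)
    return remote_addr


def is_allowed(ip: str, allowlist: Iterable[str]) -> bool:
    """True if ip falls inside any allowlisted network."""
    addr = _parse(ip)
    if addr is None:
        return False
    return any(addr in ipaddress.ip_network(n, strict=False) for n in allowlist)


# Constructed sample deployment: an internal allowlist and one reverse proxy.
ALLOWLIST = ["10.0.0.0/8"]
TRUSTED_PROXIES = ["192.0.2.10/32"]


def demo() -> dict:
    """Evaluate three constructed requests with both resolvers."""
    cases = {
        # Direct connection from outside, header forged to look internal.
        "direct_spoof": ("203.0.113.7", "10.0.0.5"),
        # Via the trusted proxy, which appended the real external client.
        "proxied_spoof": ("192.0.2.10", "10.0.0.5, 198.51.100.9"),
        # Via the trusted proxy, genuine internal client.
        "proxied_internal": ("192.0.2.10", "10.0.0.5"),
    }
    results = {}
    for name, (peer, xff) in cases.items():
        naive = naive_client_ip(peer, xff)
        safe = resolve_client_ip(peer, xff, TRUSTED_PROXIES)
        results[name] = {
            "naive_ip": naive, "naive_allowed": is_allowed(naive, ALLOWLIST),
            "safe_ip": safe, "safe_allowed": is_allowed(safe, ALLOWLIST),
        }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(name, r)
```

The proxy list must name the reverse proxies that actually front the application, and the proxies themselves must append (never pass through unchanged) the address they saw; with those two conditions the rightmost untrusted hop is the only value the client cannot choose.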

Fix

Weakness Enumeration

Incorrect Authorization

Code Injection

Related Identifiers

CVE-2024-40530

Affected Products

Pantera Crm