PT-2024-33296 · Logpoint · Logpoint
Mehmet D. Ince · Published 2024-11-07 · Updated 2024-11-08
CVE-2024-48954
CVSS v3.1: 6.4 (Medium)
Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Logpoint versions prior to 7.5.0
Description
An issue was discovered in Logpoint where unvalidated input during the EventHub Collector setup by an authenticated user leads to remote code execution. The issue is related to improper authentication in the EventHub Collector setup.
Recommendations
For versions prior to 7.5.0, upgrade the affected component to version 7.5.0 or later to mitigate the risk. As a temporary workaround, consider restricting access to the EventHub Collector setup to minimize the risk of exploitation.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Logpoint