PT-2024-37061 · Mentor · Mentor - Employee Portal
Raúl Caro Teixido · Published 2024-06-06 · Updated 2024-06-11 · CVE-2024-5675
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Mentor - Employee Portal version 3.83.35
Description
The issue is related to an untrusted data deserialization vulnerability. This could allow an attacker to execute arbitrary code by injecting a malicious payload into the ViewState field.
Recommendations
For version 3.83.35, update the software to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the ViewState field to minimize the risk of exploitation.
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Mentor - Employee Portal