CVE-2024-38876

Name of the Vulnerable Software and Affected Versions Omnivise T3000 Application Server R9.2 (All versions) Omnivise T3000 Domain Controller R9.2 (All versions) Omnivise T3000 Product Data Management (PDM) R9.2 (All versions) Omnivise T3000 R8.2 SP3 (All versions) Omnivise T3000 R8.2 SP4 (All versions) Omnivise T3000 Terminal Server R9.2 (All versions) Omnivise T3000 Thin Client R9.2 (All versions) Omnivise T3000 Whitelisting Server R9.2 (All versions)

Description The issue is related to the execution of user-modifiable code as a privileged user, which could allow a local authenticated attacker to execute arbitrary code with elevated privileges. This is due to the affected application regularly executing such code.

Recommendations For Omnivise T3000 Application Server R9.2, consider disabling the execution of user-modifiable code as a temporary workaround until a patch is available. For Omnivise T3000 Domain Controller R9.2, restrict access to user-modifiable code to minimize the risk of exploitation. For Omnivise T3000 Product Data Management (PDM) R9.2, avoid using user-modifiable code in the affected application until the issue is resolved. For Omnivise T3000 R8.2 SP3, consider applying configuration changes to limit the execution of user-modifiable code. For Omnivise T3000 R8.2 SP4, restrict access to the affected application to minimize the risk of exploitation. For Omnivise T3000 Terminal Server R9.2, consider disabling the execution of user-modifiable code as a temporary workaround until a patch is available. For Omnivise T3000 Thin Client R9.2, avoid using user-modifiable code in the affected application until the issue is resolved. For Omnivise T3000 Whitelisting Server R9.2, restrict access to user-modifiable code to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.