PT-2024-5381 · Omnivise · Omnivise T3000 R8.2 Sp3+2

Published: 2024-06-21 · Updated: 2024-09-20 · CVE-2024-38879

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Omnivise T3000 Application Server R9.2 (All versions)
Omnivise T3000 R8.2 SP3 (All versions)
Omnivise T3000 R8.2 SP4 (All versions)

Description

The issue is related to insufficient input validation, which can be exploited by a remote attacker to bypass authentication and gain unauthorized access to protected information. The affected system exposes an internal application's port on the public network interface, allowing direct access to the exposed application.

Recommendations

For Omnivise T3000 Application Server R9.2, restrict access to the exposed internal application to minimize the risk of exploitation.
For Omnivise T3000 R8.2 SP3, consider disabling the exposed port on the public network interface until a patch is available.
For Omnivise T3000 R8.2 SP4, avoid using the affected system for sensitive operations until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-06015
CVE-2024-38879

Affected Products

Omnivise T3000 Application Server R9.2
Omnivise T3000 R8.2 Sp3
Omnivise T3000 R8.2 Sp4