PT-2024-8800 · Intel · Intel Neural Compressor

Published: 2024-11-12 · Updated: 2024-11-15 · CVE-2024-39368

CVSS v4.0: 8.6 (High)

Vector: AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Intel(R) Neural Compressor versions prior to v3.0
Description: The issue is related to improper neutralization of special elements used in an SQL command, also known as 'SQL Injection', in some Intel(R) Neural Compressor software. This may allow an authenticated user to potentially enable escalation of privilege via adjacent access. The vulnerability can be exploited by a remote attacker to elevate their privileges.
Recommendations: For versions prior to v3.0, upgrade to version v3.0 or later to prevent privilege escalation. As a temporary workaround, consider restricting access to the SQL command functionality until a patch is available. Avoid using the vulnerable software for sensitive operations until the issue is resolved.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2024-10432
CVE-2024-39368

Affected Products

Intel Neural Compressor