CVE-2024-6784

Name of the Vulnerable Software and Affected Versions: ABB ASPECT Enterprise version 3.08.02 NEXUS Series version 3.08.02 MATRIX Series version 3.08.02

Description: The issue is related to insufficient validation of incoming requests, which can be exploited by a remote attacker to gain unauthorized access to resources and disclose protected information. This is a Server-Side Request Forgery vulnerability, providing a potential for access to unauthorized resources and unintended information disclosure.

Recommendations: For ABB ASPECT Enterprise version 3.08.02, consider disabling the vulnerable functionality until a patch is available. For NEXUS Series version 3.08.02, restrict access to unauthorized resources to minimize the risk of exploitation. For MATRIX Series version 3.08.02, avoid using the vulnerable API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.