PT-2025-18714 · Sematell · Sematell Replyone

Published: 2025-05-01 · Updated: 2025-05-03 · CVE-2024-48907

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Sematell ReplyOne version 7.4.3.0

Description: The issue allows Server-Side Request Forgery (SSRF) through the application server API. This means an attacker could potentially manipulate the server into making unauthorized requests.

Recommendations: For Sematell ReplyOne version 7.4.3.0, consider restricting access to the application server API to minimize the risk of exploitation. As a temporary workaround, review and limit the API's ability to make external requests until a patch is available.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2024-48907

Affected Products: Sematell Replyone