CVE-2024-48956
In short
Serviceware Processes versions 6.0 through 7.3 contain a critical flaw that allows attackers to execute code on the server without needing valid login credentials. An attacker can send a specially crafted HTTP request to trigger this vulnerability.
Technical detail
An unauthenticated remote code execution vulnerability exists in Serviceware Processes 6.0-7.3 due to improper input validation on a service endpoint. Attackers can send a specially crafted HTTP request to achieve arbitrary code execution without authentication, requiring only network access to the affected service endpoint.
Summary generated and translated by AI from the official description.
Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a