CVE-2024-33857

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-33857
An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery.

9.6 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence Vendor Advisory
https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center Product
https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence Vendor Advisory
https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*
History

18 Apr 2025, 12:39

Type Values Removed Values Added
First Time Logpoint siem
Logpoint
CPE cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*
References () https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence - () https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence - Vendor Advisory
References () https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center - () https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center - Product

21 Nov 2024, 09:17

Type Values Removed Values Added
References () https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence - () https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence -
References () https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center - () https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center -

03 Jul 2024, 01:59

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en Logpoint antes de 7.4.0. Debido a la falta de validación de entradas de URL en la inteligencia de amenazas, un atacante con acceso de bajo nivel al sistema puede activar Server Side Request Forgery.
CWE CWE-918
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.6

07 May 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-07 16:15

Updated : 2025-04-18 12:39

NVD link : CVE-2024-33857

Mitre link : CVE-2024-33857

CVE.ORG link : CVE-2024-33857

JSON object : View

Products Affected

logpoint

  • siem
CWE
CWE-918

Server-Side Request Forgery (SSRF)