CVE-2024-33857

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-33857
An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery.

9.6 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence Vendor Advisory
https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center Product
https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence Vendor Advisory
https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*
History

18 Apr 2025, 12:39

Type Values Removed Values Added
First Time Logpoint siem
Logpoint
CPE cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*
References () https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence - () https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence - Vendor Advisory
References () https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center - () https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center - Product

21 Nov 2024, 09:17

Type Values Removed Values Added
References () https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence - () https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence -
References () https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center - () https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center -

03 Jul 2024, 01:59

Type Values Removed Values Added
CWE CWE-918
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.6
Summary
  • (es) Se descubrió un problema en Logpoint antes de 7.4.0. Debido a la falta de validación de entradas de URL en la inteligencia de amenazas, un atacante con acceso de bajo nivel al sistema puede activar Server Side Request Forgery.

07 May 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-07 16:15

Updated : 2025-04-18 12:39

NVD link : CVE-2024-33857

Mitre link : CVE-2024-33857

CVE.ORG link : CVE-2024-33857

JSON object : View

Products Affected

logpoint

  • siem
CWE
CWE-918

Server-Side Request Forgery (SSRF)