CVE-2024-56086

{"id": "CVE-2024-56086", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-12-16T06:15:07.557", "references": [{"url": "https://servicedesk.logpoint.com/hc/en-us/articles/22136886421277-Remote-Code-Execution-while-creating-Report-Templates", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Logpoint antes de la versi\u00f3n 7.5.0. Los usuarios autenticados pueden inyectar payloads en las plantillas de informes. Estas se ejecutan cuando se inicia el proceso de copia de seguridad, lo que genera una ejecuci\u00f3n de c\u00f3digo remoto."}], "lastModified": "2025-04-17T01:50:13.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88AD9F8A-98CD-459E-A2C4-404AE1F573ED", "versionEndExcluding": "7.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}