CVE-2024-9005

CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server.

CVSS

No CVSS.

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-05.pdf

Configurations

No configuration.

History

13 Mar 2025, 15:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : unknown

10 Oct 2024, 12:56

Type	Values Removed	Values Added
Summary		(es) CWE-502: Existe una vulnerabilidad de deserialización de datos no confiables que podría permitir que se ejecute código de forma remota en el servidor cuando se publican datos deserializados de forma no segura en el servidor web.

08 Oct 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-08 11:15

Updated : 2025-03-13 15:15

NVD link : CVE-2024-9005

Mitre link : CVE-2024-9005

CVE.ORG link : CVE-2024-9005

JSON object : View

Products Affected

No product.

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2024-9005", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-10-08T11:15:13.673", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-05.pdf", "source": "cybersecurity@se.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be\nremotely executed on the server when unsafely deserialized data is posted to the web server."}, {"lang": "es", "value": "CWE-502: Existe una vulnerabilidad de deserializaci\u00f3n de datos no confiables que podr\u00eda permitir que se ejecute c\u00f3digo de forma remota en el servidor cuando se publican datos deserializados de forma no segura en el servidor web."}], "lastModified": "2025-03-13T15:15:51.253", "sourceIdentifier": "cybersecurity@se.com"}