CVE-2024-27115
Last modified
CVE-2024-27115 is a critical-severity vulnerability rated 10/10 on the CVSS scale. A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. EPSS estimates a 4.59% chance of exploitation in the next 30 days.
Description
A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:I/V:C/RE:M/U:Red
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Soplanning | Soplanning | < 1.52.02 |
References
- https://csirt.divd.nl/CVE-2024-27115Broken Link
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-27115?
How severe is CVE-2024-27115?
How do I fix CVE-2024-27115?
Are you affected by CVE-2024-27115?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST