Lucene search

INCIBECVE-2024-3784

HistoryApr 15, 2024 - 2:15 p.m.

CVE-2024-3784

2024-04-1514:15:08

INCIBE

web.nvd.nist.gov

cve-2024-3784

wbsairback

server-side includes

s3 accounts

exploitation

arbitrary code

remote user

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

AI Score

7.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts (/admin/CloudAccounts). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.

Affected configurations

Vulners

Node

wbsairbackwhite_bear_solutionsRange≤21.02.04

VendorProductVersionCPE
wbsairbackwhite_bear_solutions*cpe:2.3:a:wbsairback:white_bear_solutions:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wbsairback	white_bear_solutions	*	cpe:2.3:a:wbsairback:white_bear_solutions::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "White Bear Solutions",
    "vendor": "WBSAirback",
    "versions": [
      {
        "status": "affected",
        "version": "21.02.04"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions