HIGH🇬🇧 English

CVE-2024-11220

CVSS 8.5v4.0pub. 2024-12-06upd. 2025-01-23

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.

oryginał EN
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Openautomationsoftware Open Automation Software

    APP
    Openautomationsoftware
    < 20.0.0.76
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2024-21870MEDIUM4.9ten sam produkt

A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Softwa...

CVE-2024-22178MEDIUM4.9ten sam produkt

A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automati...

CVE-2024-24976MEDIUM4.9ten sam produkt

A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Ope...

CVE-2024-27201MEDIUM4.9ten sam produkt

An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open A...

CVE-2022-26082CRITICAL9.1ten sam vendor

A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Softw...