How severe is CVE-2024-1748?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-1748?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2024-1748 - HIGH Severity | CVSS 7.5

Vulnerability Description

A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. This vulnerability affects the function load_model_from_file of the component Release Note Handler. The manipulation leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-254530 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2016-4483

HIGH

CVSS:7.5(High)

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute ...

CWE-5022016

CVE-2017-1000195

HIGH

CVSS:7.5(High)

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.

CWE-5022017

CVE-2017-15693

HIGH

CVSS:7.5(High)

In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:W...

CWE-5022017

CVE-2017-8804

HIGH

CVSS:7.5(High)

The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual ...

CWE-5022017

CVE-2017-9844

HIGH

CVSS:7.5(High)

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP S...

CWE-5022017

CVE-2018-0824

HIGH

CVSS:7.5(High)

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." Th...

CWE-5022018