How severe is CVE-2024-23333?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.9 out of 10.

What type of vulnerability is CVE-2024-23333?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2024-23333 - HIGH Severity | CVSS 7.9

Vulnerability Description

LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.

Related Vulnerabilities

CVE-2020-23050

HIGH

CVSS:8.0(High)

TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attac...

CWE-742020

CVE-2021-0594

HIGH

CVSS:8.0(High)

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an...

CWE-742021

CVE-2021-28829

HIGH

CVSS:8.0(High)

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for ...

CWE-742021

CVE-2021-41390

HIGH

CVSS:8.0(High)

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.

CWE-742021

CVE-2023-48709

HIGH

CVSS:8.0(High)

iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2...

CWE-742023

CVE-2024-10841

MEDIUM

CVSS:8.0(High)

A vulnerability classified as critical was found in romadebrian WEB-Sekolah 1.0. Affected by this vulnerability is an unknown functionality of the file /Proses_Kirim.php of the component Mail Handler....

CWE-742024