CVE-2024-36072

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-779
View all →

Vulnerability Description

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious request, resulting in the ability to execute system commands with root privileges.

Related Vulnerabilities

CVE-2022-31004

HIGH
CVSS:7.5(High)

CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method write...

CWE-7792022

CVE-2024-36416

HIGH
CVSS:7.5(High)

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by...

CWE-7792024

CVE-2021-25420

MEDIUM
CVSS:5.5(Medium)

Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

CWE-7792021

CVE-2021-25421

MEDIUM
CVSS:5.5(Medium)

Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

CWE-7792021

CVE-2021-25422

MEDIUM
CVSS:5.5(Medium)

Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

CWE-7792021

CVE-2021-25423

MEDIUM
CVSS:5.5(Medium)

Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.

CWE-7792021