CVE-2024-24822

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Feb 7, 2024

Updated: Feb 15, 2024

CWE ID 862

Summary

CVE-2024-24822: A vulnerability was discovered in Pimcore's Admin Classic Bundle, affecting versions prior to 1.3.3. This issue allows unauthorized users to create, delete, and manipulate tags in the system without having the necessary permissions. The vulnerability can lead to potential security risks and data integrity issues. It is recommended to upgrade to version 1.3.3 or manually apply the available patch as a workaround.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Pimcore Admin Classic Bundle

Affected Vendors

Pimcore

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uWlWPg
https://www.cve.org/CVERecord?id=CVE-2024-24822
https://nvd.nist.gov/vuln/detail/CVE-2024-24822

Back to Vulnerability Database