CVE-2024-36131

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 7, 2024

Updated: Aug 21, 2024

CWE ID 502

Summary

CVE-2024-36131 is a newly disclosed vulnerability affecting the web component of EPMM before version 12.1.0.1. This issue allows authenticated attackers to exploit an insecure deserialization flaw and execute arbitrary commands on the underlying operating system of the affected appliance. Successful exploitation could result in significant security implications, including unauthorized system access and data theft. It is recommended that users update their EPMM software to the latest version as soon as possible to mitigate this risk. Failure to do so could leave systems vulnerable to remote attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wCWlz8
https://www.cve.org/CVERecord?id=CVE-2024-36131
https://nvd.nist.gov/vuln/detail/CVE-2024-36131

Back to Vulnerability Database

CVE-2024-36131

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations