CVE-2024-48954

{"id": "CVE-2024-48954", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 1.6}]}, "published": "2024-11-07T17:15:08.650", "references": [{"url": "https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest/", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://servicedesk.logpoint.com/hc/en-us/articles/21968851138461-Remote-Code-Execution-RCE-in-EventHub-Collector", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Logpoint antes de la versi\u00f3n 7.5.0. La entrada no validada durante la configuraci\u00f3n de EventHub Collector por parte de un usuario autenticado provoca la ejecuci\u00f3n de c\u00f3digo remoto."}], "lastModified": "2025-04-30T16:42:20.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88AD9F8A-98CD-459E-A2C4-404AE1F573ED", "versionEndExcluding": "7.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}