CVE-2024-9005

{"id": "CVE-2024-9005", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-10-08T11:15:13.673", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-05.pdf", "source": "cybersecurity@se.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be\nremotely executed on the server when unsafely deserialized data is posted to the web server."}, {"lang": "es", "value": "CWE-502: Existe una vulnerabilidad de deserializaci\u00f3n de datos no confiables que podr\u00eda permitir que se ejecute c\u00f3digo de forma remota en el servidor cuando se publican datos deserializados de forma no segura en el servidor web."}], "lastModified": "2024-10-10T12:56:30.817", "sourceIdentifier": "cybersecurity@se.com"}