← Volver a CVEs
CVE-2024-45387
CRITICAL9.9
Descripcion
An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops.
Detalles CVE
Puntuacion CVSS v3.19.9
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado12/23/2024
Ultima modificacion2/11/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
apache:traffic_control
Debilidades (CWE)
CWE-89CWE-285CWE-89
Referencias
https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr(security@apache.org)
http://www.openwall.com/lists/oss-security/2024/12/23/3(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.