CVE-2024-45387
CRITICAL 9.9
Description
An SQL injection vulnerability in Traffic Ops in Apache Traffic Control >= 8.0.0, <= 8.0.1 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially crafted PUT request. Users running an affected version of Traffic Ops are recommended to upgrade to Apache Traffic Control 8.0.2.
CVE Details
CVSS v3.1 Score: 9.9
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 12/23/2024
Last Modified: 2/11/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
apache:traffic_control
Weaknesses (CWE)
CWE-89, CWE-285
References
https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr (security@apache.org)
http://www.openwall.com/lists/oss-security/2024/12/23/3 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.