{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-7059", "ASSIGNER": "security@genetec.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", "cweId": "CWE-470" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Genetec Inc.", "product": { "product_data": [ { "product_name": "Genetec Security Center", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "versions": [ { "status": "affected", "versionType": "semver", "version": "<5.8.2.1" }, { "status": "unaffected", "versionType": "semver", "version": ">=5.8.2.1" }, { "status": "affected", "versionType": "semver", "version": ">=5.9.0.0 <5.9.5.8" }, { "status": "unaffected", "versionType": "semver", "version": ">=5.9.5.8" }, { "status": "affected", "versionType": "semver", "version": ">=5.10.0.0 <5.10.4.23" }, { "status": "unaffected", "versionType": "semver", "version": ">=5.10.4.23" }, { "status": "affected", "versionType": "semver", "version": ">=5.11.0.0 <5.11.3.13" }, { "status": "unaffected", "versionType": "semver", "version": ">=5.11.3.13" }, { "status": "affected", "versionType": "semver", "version": ">=5.12.0.0 <5.12.1.3" }, { "status": "unaffected", "versionType": "semver", "version": ">=5.12.1.3 <5.12.2.0" }, { "status": "affected", "versionType": "semver", "version": ">=5.12.2.0 <5.12.2.1" }, { "status": "unaffected", "versionType": "semver", "version": ">=5.12.2.1" } ], "defaultStatus": "unaffected" } } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": 
"https://resources.genetec.com/security-advisories/high-severity-vulnerability-affecting-security-center-web-sdk-role", "refsource": "MISC", "name": "https://resources.genetec.com/security-advisories/high-severity-vulnerability-affecting-security-center-web-sdk-role" }, { "url": "https://ressources.genetec.com/bulletins-de-securite/vulnerabilite-de-haute-severite-affectant-le-role-sdk-web-de-security-center", "refsource": "MISC", "name": "https://ressources.genetec.com/bulletins-de-securite/vulnerabilite-de-haute-severite-affectant-le-role-sdk-web-de-security-center" } ] }, "work_around": [ { "lang": "en", "value": "If the Security Center instance cannot be updated in a timely fashion, the system administrator should deactivate the Web-based SDK role." } ], "solution": [ { "lang": "en", "value": "This issue is fixed in Security Center 5.8.2.1, 5.9.5.8, 5.10.4.23, 5.11.3.13, 5.12.1.3, 5.12.2.1 and all later versions. Note that 5.12.2.0 is listed as affected in this record, so deployments on 5.12.2.0 need 5.12.2.1 or later." } ], "credits": [ { "lang": "en", "value": "AlgoSecure, Louis Moubinous" } ], "impact": { "cvss": [ { "baseScore": 8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "baseScore": 8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } ] } }