mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
64 lines
2.6 KiB
JSON
64 lines
2.6 KiB
JSON
{
|
|
"id": "CVE-2024-48761",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2025-01-29T22:15:29.430",
|
|
"lastModified": "2025-02-03T19:15:12.210",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The specific component in Celk Saude 3.1.252.1 that processes user input and returns error messages to the client is vulnerable due to improper validation or sanitization of the \"erro\" parameter. This parameter appears as a response when incorrect credentials are entered during login. The lack of proper validation or sanitization makes the component susceptible to injection attacks, potentially allowing attackers to manipulate the input and exploit the system."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El componente espec\u00edfico de Celk Saude 3.1.252.1 que procesa la entrada del usuario y devuelve mensajes de error al cliente es vulnerable debido a una validaci\u00f3n incorrecta o desinfecci\u00f3n del par\u00e1metro \"erro\". Este par\u00e1metro aparece como respuesta cuando se ingresan credenciales incorrectas durante el inicio de sesi\u00f3n. La falta de una validaci\u00f3n o desinfecci\u00f3n adecuada hace que el componente sea susceptible a ataques de inyecci\u00f3n, lo que potencialmente permite a los atacantes manipular la entrada y explotar sistema."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-77"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761",
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
|
|
}
|
|
]
|
|
} |