CVE-2024-11075

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 19, 2024
CWE ID 250

Summary

CVE-2024-11075 is a newly disclosed vulnerability affecting the Incoming Goods Suite. This issue grants unprivileged users, whether locally or via SSH, the ability to escalate their privileges to the administrative level. The root cause lies in the usage of Docker images with root permissions for the affected components. Successful exploitation of this misconfiguration enables an attacker to gain unauthorized administrative control over the entire system.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share