CVE-2024-27098
CVSS 3.1 Score 9.6 of 10 (high)
Details
Published Mar 18, 2024
Updated: Jan 2, 2025
CWE ID 918
Summary
CVE-2024-27098 is a newly disclosed vulnerability affecting GLPI, a popular free asset and IT management software package. An authenticated user can exploit this SSRF (Server-Side Request Forgery) vulnerability through arbitrary object instantiation, potentially leading to unauthorized data access or server manipulation. This attack can pose a significant risk to IT networks and data security. GLPI has released a patch for this issue in version 10.0.13, and users are strongly advised to upgrade to that version to mitigate the risk.
Affected Products
- GLPI Project
- Glpi-project GLPI
Affected Vendors
- Teclib
- Glpi-project