CVE-2024-37155
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-37155 is a vulnerability in OpenCTI, an open-source cyber threat intelligence platform. Prior to version 6.1.9, the regex validation the platform used to block GraphQL introspection queries could be bypassed by removing certain characters, including whitespace, carriage returns, and line feeds, from the query: GraphQL treats these characters as insignificant tokens, so the server still parses the query while the pattern no longer matches. As a result, unauthenticated users could run full introspection queries and obtain sensitive information about the GraphQL endpoint's schema. The same unauthenticated access could also be abused for denial of service (DoS) by sending repeated queries. Users should upgrade to OpenCTI version 6.1.9, which contains the patch.
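The following is an added example, not OpenCTI's code or the actual pattern the project used before 6.1.9. It pairs a hypothetical whitespace-dependent regex blocklist of the kind the advisory describes with the bypass (stripping spaces, CR and LF from a query) and with a hardened check that lexes the document the way a GraphQL parser does and inspects Name tokens, which is insensitive to spacing, line breaks, comments and aliases. The sample queries are constructed for the demonstration.

```javascript
'use strict';
// Added example, not OpenCTI code. NAIVE_INTROSPECTION_RE is a hypothetical
// whitespace-dependent blocklist of the kind the advisory describes; the real
// pattern used before 6.1.9 is not reproduced here.

// --- The weak check: a regex that only matches introspection fields when they
// are set off by whitespace (space, tab, CR, LF). ---
const NAIVE_INTROSPECTION_RE = /\s__(schema|type)\s/;

function naiveBlocksIntrospection(query) {
  return NAIVE_INTROSPECTION_RE.test(query);
}

// What the advisory describes the attacker doing: drop every space, tab,
// carriage return and line feed. GraphQL treats them as ignored tokens, so the
// server still parses the query, but the regex above no longer matches.
// (Constructed queries here contain no string literals with spaces.)
function stripInsignificant(query) {
  return query.replace(/[ \t\r\n]+/g, '');
}

// --- The robust check: lex the document and look at Name tokens. Per the
// GraphQL spec, names beginning with "__" are reserved for introspection, so any
// such Name (other than the commonly allowed __typename) means the query
// touches the introspection system, however it is spaced, commented or aliased.
function introspectionNames(query) {
  const found = [];
  const n = query.length;
  let i = 0;
  while (i < n) {
    const c = query[i];
    // Ignored tokens: whitespace, line terminators, commas, BOM.
    if (c === ' ' || c === '\t' || c === '\n' || c === '\r' || c === ',' || c === '\uFEFF') {
      i++;
      continue;
    }
    // Comment: "#" to end of line.
    if (c === '#') {
      while (i < n && query[i] !== '\n' && query[i] !== '\r') i++;
      continue;
    }
    // String literals are opaque: "__schema" inside a string is data, not a field.
    if (c === '"') {
      if (query.startsWith('"""', i)) {           // block string
        i += 3;
        while (i < n) {
          if (query[i] === '\\' && query.startsWith('"""', i + 1)) { i += 4; continue; }
          if (query.startsWith('"""', i)) { i += 3; break; }
          i++;
        }
      } else {                                     // ordinary string
        i++;
        while (i < n && query[i] !== '"' && query[i] !== '\n') {
          if (query[i] === '\\') i++;              // skip the escaped character
          i++;
        }
        i++;                                       // closing quote
      }
      continue;
    }
    // Name token: /[_A-Za-z][_0-9A-Za-z]*/
    if (/[_A-Za-z]/.test(c)) {
      let j = i + 1;
      while (j < n && /[_0-9A-Za-z]/.test(query[j])) j++;
      const name = query.slice(i, j);
      if (name.startsWith('__') && name !== '__typename') found.push(name);
      i = j;
      continue;
    }
    // Number token: consume it whole so an exponent "e" is not read as a Name.
    if (/[-0-9]/.test(c)) {
      let j = i + 1;
      while (j < n && /[0-9.eE+-]/.test(query[j])) j++;
      i = j;
      continue;
    }
    // Punctuator ( ! $ & ( ) ... : = @ [ ] { } | ) or stray character.
    i++;
  }
  return found;
}

function hardenedBlocksIntrospection(query) {
  return introspectionNames(query).length > 0;
}

// Constructed sample queries.
const SPACED = '{\r\n  __schema {\r\n    types { name }\r\n  }\r\n}'; // what the regex expects
const COMPACT = stripInsignificant(SPACED);                             // '{__schema{types{name}}}'
const TYPE_QUERY = '{__type(name:"Query"){fields{name}}}';
const BENIGN = '{ me { id __typename } }';
const COMMENTED = '# __schema \n{ me { id } }';                         // introspection only in a comment

for (const [label, q] of [['spaced', SPACED], ['compact', COMPACT], ['__type', TYPE_QUERY],
                          ['benign', BENIGN], ['commented', COMMENTED]]) {
  console.log(label.padEnd(10), 'naive:', naiveBlocksIntrospection(q),
              'hardened:', hardenedBlocksIntrospection(q));
}
```

The compact query is accepted by the regex filter and still executes as full introspection; the commented query shows the regex also over-blocks, because raw-text matching cannot tell a field from a comment or a string. The tokenizer is illustrative of why string matching is the wrong layer: in practice, introspection should be refused at the GraphQL validation layer (graphql-js, for example, ships a NoSchemaIntrospectionCustomRule) or gated on authentication, rather than by pattern-matching the request body.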