CVE-2024-49704
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Dec 10, 2024
CWE ID 611
Summary
CVE-2024-49704 is a vulnerability affecting various versions of COMOS, including V10.3, V10.4.0, V10.4.1, V10.4.2, V10.4.3, V10.4.4, and V10.4.4.1. The Generic Data Mapper, Engineering Adapter, and Engineering Interface in these versions improperly handle XML External Entity (XXE) entries while processing configuration and mapping files. An attacker can exploit this issue by persuading a user to use a maliciously crafted file, potentially allowing the extraction of files from the user's system or network folders.