CVE-2024-52726

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 27, 2024
CWE ID 125

Summary

CVE-2024-52726 is a newly disclosed vulnerability affecting CRMEB v5.4.0. This issue permits an attacker to conduct arbitrary file reading, giving them the ability to access sensitive information stored on the affected system. The vulnerability lies within the save_basics function, which fails to properly restrict file access. Successful exploitation could lead to the exposure of confidential data, potentially causing significant damage or data breaches. System administrators are advised to update CRMEB to a patched version as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share