CVE-2024-55877
CVSS 3.1 Score 9.9 of 10 (high)
Details
Summary
CVE-2024-55877 is a remote code execution vulnerability in XWiki Platform, a popular wiki solution, affecting versions from 9.7-rc-1 up to, but not including, 15.10.11, 16.4.1, and 16.5.0. An attacker with a user account can exploit this issue by adding instances of `XWiki.WikiMacroClass` to any page, compromising the confidentiality, integrity, and availability of the entire XWiki installation. The vulnerability is fixed in XWiki 15.10.11, 16.4.1, and 16.5.0. As a temporary workaround, users of older versions can manually apply the patch to the `XWiki.XWikiSyntaxMacrosList` page.