CVE-2024-55877

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published: Dec 12, 2024
Updated: Dec 13, 2024
CWE ID 96

Summary

CVE-2024-55877 is a remote code execution vulnerability in XWiki Platform, a popular wiki solution, affecting versions from 9.7-rc-1 up to, but not including, 15.10.11, 16.4.1, and 16.5.0. An attacker with a user account can exploit it by adding instances of `XWiki.WikiMacroClass` to any page, compromising the confidentiality, integrity, and availability of the entire XWiki installation. The vulnerability is fixed in XWiki 15.10.11, 16.4.1, and 16.5.0. As a temporary workaround, users of older versions can manually apply the patch to the `XWiki.XWikiSyntaxMacrosList` page.
