CVE-2024-6893
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Aug 8, 2024
CWE ID 611
Summary
CVE-2024-6893 is a vulnerability affecting the "soap_cgi.pyc" API handler. It enables unauthenticated attackers to exploit the system by inserting references to external entities in the XML body of SOAP requests. This issue poses a significant risk, as it allows an attacker to read local files, execute server-side request forgery, and overload server resources. The vulnerability can lead to potential data theft and denial-of-service attacks. Organizations using this API handler must apply the necessary patches to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Journyx