CVE-2024-8367

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Sep 1, 2024
Updated: Sep 3, 2024
CWE ID 74

Summary

CVE-2024-8367 identifies a vulnerability in the HM Courts & Tribunals Service Probate Back Office, specifically within the NotificationService.java file related to Markdown Handler, that allows for injection attacks. This issue affects versions up to c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31, although specific version details are not available due to the use of continuous delivery with rolling releases. To remediate this vulnerability, a patch identified as d90230d7cf575e5b0852d56660104c8bd2503c34 should be applied. The potential danger it poses includes low integrity impact and exploitation via adjacent networks, with an overall severity rated as low (CVSS base score of 3.5). Users are not required to interact with the system for an attack, and the attack complexity is considered low.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share