CVE-2024-9358

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Oct 1, 2024

Updated: Oct 4, 2024

CWE ID 400

Summary

CVE-2024-9358 is a vulnerability identified in ThingsBoard versions up to 3.7.0, specifically affecting the HTTP RPC API component, which can lead to resource consumption when exploited. The vulnerability can be exploited remotely, although the complexity of the attack is considered high, making successful exploitation difficult. Organizations using affected products are advised to upgrade to version 3.7.1, which addresses this issue and is expected to be released in September 2024. The potential danger includes significant resource exhaustion, which could disrupt services and operations if not remediated promptly. The vendor was notified of this vulnerability on July 24, 2024.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database