CVE-2024-9971
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-9971 is a SQL injection vulnerability in FlowMaster BPM Plus from NewType: the product does not properly restrict user input, which allows remote attackers to inject SQL commands. Affected products include zgFyk7, zgFyk6, zeRkwJ, and zeRf5P. The vulnerability has a CVSS base score of 8.8 (high severity), with potential impact on confidentiality, integrity, and availability because an attacker can read, modify, or delete database contents. To remediate this issue, organizations should implement proper input validation and limit user privileges on affected systems. Because exploitation requires only low privileges and no user interaction, this vulnerability poses a significant risk to organizations using these products.