CVE-2024-9971

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 15, 2024
CWE ID 89

Summary

CVE-2024-9971 is a SQL injection vulnerability in FlowMaster BPM Plus from NewType: user input is not properly restricted, which allows remote attackers to inject SQL commands. Affected products include zgFyk7, zgFyk6, zeRkwJ, and zeRf5P. The vulnerability has a CVSS base score of 8.8 (high severity), with potential impacts on confidentiality, integrity, and availability, because an attacker can read, modify, or delete database contents. To remediate this issue, organizations should implement proper input validation and limit user privileges on affected systems. Because exploitation requires only low privileges and no user interaction, this vulnerability poses a significant risk to organizations using these products.
