CVE-2024-36130

Critical

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network…

hackerone·CWE-287·Published 2024-08-07

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

220 chars

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.

NVDen

220 chars

NVDes

232 chars

Una vulnerabilidad de autorización insuficiente en el componente web de EPMM anterior a 12.1.0.1 permite que un atacante no autorizado dentro de la red ejecute comandos arbitrarios en el sistema operativo subyacente del dispositivo.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	9.8	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.0	Primary	cve.org	9.8	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H