CVE-2024-12867

Summary

Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data.

Affected Software

VendorProductVersion RangeStatus
Arctic SecurityArctic Hub3.0.1764 <= 5.5.1872affected
Arctic SecurityArctic Hub5.6.1877unaffected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

Workarounds

If upgrading is not possible, apply the hotfix as instructed in the version 5.6.1877 release note which was distributed to all Arctic Hub users on 12th of December 2024.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References