CVE-2024-12867
8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:L/SA:N/AU:N/R:U/V:C/RE:M/U:Amber
Summary
Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Arctic Security | Arctic Hub | 3.0.1764 <= 5.5.1872 | affected |
| Arctic Security | Arctic Hub | 5.6.1877 | unaffected |
Weaknesses
- CWE-918: CWE-918 Server-Side Request Forgery (SSRF)
Workarounds
If upgrading is not possible, apply the hotfix as instructed in the version 5.6.1877 release note which was distributed to all Arctic Hub users on 12th of December 2024.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.