CVE-2024-13949 — Improper Output Neutralization for Logs in Aspect-enterprise

CWE-117 — Improper Output Neutralization for Logs3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

0.3%

top 51.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Aspect-enterprise ABB Matrix Series ABB Nexus Series

Timeline

PublishedMay 22

Description

Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

Affected Packages3 packages

▶CVEListV5abb/nexus_series3.*

▶CVEListV5abb/matrix_series3.*

▶CVEListV5abb/aspect-enterprise3.*

🔴Vulnerability Details

GHSA

GHSA-wcmm-3mhw-34w9: Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromi↗2025-05-22

▶

CVEList

Log Forging↗2025-05-22

▶