CVE-2024-5072
Published 2024-05-17
CVE-2024-5072: Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT…
Priority P338 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.68% (47.6th percentile)
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devolutions | devolutions_server | < 2024.1.12.0 | 2024.1.12.0 |
| devolutions | server | <= 2024.1.11.0 | — |
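CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| vendor_oracle | — | 7.5 | HIGH | — |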
GHSA
GHSA-63j7-4362-2cgm: Improper input validation in PAM JIT elevation feature in Devolutions Server 2024
ghsa_unreviewed·2024-05-17
CVE-2024-5072 [MEDIUM] GHSA-63j7-4362-2cgm: Improper input validation in PAM JIT elevation feature in Devolutions Server 2024
Oracle
Oracle Oracle Systems Risk Matrix: Tools (JSON-java) — CVE-2023-5072
vendor_oracle·2024-10-15·CVSS 7.5
CVE-2023-5072 [HIGH] Oracle Oracle Systems Risk Matrix: Tools (JSON-java) — CVE-2023-5072
Oracle Oracle Systems Risk Matrix: Tools (JSON-java) vulnerability
CVE: CVE-2023-5072
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2024 (OCT 2024)
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Discussion Forums (JSON-java) — CVE-2023-5072
vendor_oracle·2024-07-15·CVSS 7.5
CVE-2023-5072 [HIGH] Oracle Oracle Fusion Middleware Risk Matrix: Discussion Forums (JSON-java) — CVE-2023-5072
Oracle Oracle Fusion Middleware Risk Matrix: Discussion Forums (JSON-java) vulnerability
CVE: CVE-2023-5072
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2024 (JUL 2024)
Oracle
Oracle Oracle Database Server Risk Matrix: GraalVM Multilingual Engine — CVE-2023-5072
vendor_oracle·2024-04-15·CVSS 4.3
CVE-2023-5072 [HIGH] Oracle Oracle Database Server Risk Matrix: GraalVM Multilingual Engine — CVE-2023-5072
Oracle Oracle Database Server Risk Matrix: GraalVM Multilingual Engine vulnerability
CVE: CVE-2023-5072
CVSS: 4.3
Protocol: Multiple
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2024 (APR 2024)
Oracle
Oracle Oracle GoldenGate Risk Matrix: Oracle GoldenGate (JSON-java) — CVE-2023-5072
vendor_oracle·2024-01-15·CVSS 3.7
CVE-2023-5072 [HIGH] Oracle Oracle GoldenGate Risk Matrix: Oracle GoldenGate (JSON-java) — CVE-2023-5072
Oracle Oracle GoldenGate Risk Matrix: Oracle GoldenGate (JSON-java) vulnerability
CVE: CVE-2023-5072
CVSS: 3.7
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2024 (JAN 2024)
Suricata
GPL RPC portmap rpc.xfsmd request TCP
suricata·2010-09-23
CVE-2002-0359 GPL RPC portmap rpc.xfsmd request TCP
GPL RPC portmap rpc.xfsmd request TCP
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"GPL RPC portmap rpc.xfsmd request TCP"; flow:established,to_server; content:"|00 01 86 A0|"; depth:4; offset:16; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 05 F7|h"; within:4; content:"|00 00 00 00|"; depth:4; offset:8; reference:bugtraq,5072; reference:bugtraq,5075; reference:cve,2002-0359; classtype:rpc-portmap-decode; sid:2102082; rev:11; metadata:created_at 2010_09_23, cve CVE_2002_0359, signature_severity Informational, updated_at 2024_03_08;)
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-05-17