CVE-2024-6784 — Server-Side Request Forgery in Aspect-ent-12 Firmware

CWE-918 — Server-Side Request Forgery3 documents3 sources

Severity

8.7HIGHNVD

EPSS

0.3%

top 50.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Aspect-ent-12 Firmware ABB Aspect-ent-256 Firmware ABB Aspect-ent-2 Firmware +19 more

Timeline

PublishedDec 5

Description

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:N

Affected Packages22 packages

▶CVEListV5abb/nexus_series3.08.02

▶CVEListV5abb/matrix_series3.08.02

▶CVEListV5abb/aspect-enterprise3.08.02

▶NVDabb/matrix-11_firmware< 3.08.03

▶NVDabb/nexus-264_firmware< 3.08.03

🔴Vulnerability Details

CVEList

SSRF Server Side Request Forgery↗2024-12-05

▶

GHSA

GHSA-78qv-q99m-4f2r: Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosur↗2024-12-05

▶