Logo
Resources
Documentation Portal Ideas Portal Logpoint Academy License Portal
Resources
Documentation Portal Ideas Portal Logpoint Academy License Portal
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Product Security

Remote Code Execution while creating Universal Normalizer

Avatar Kripa Thapa
February 04, 2025 08:41
Follow

Advisory ID: LVD-2024-014

CVSSv 4.0 Vector: AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

CVSSv 4.0 Base Score: 7.5

Severity: High

CVE: CVE-2024-56084

CWE: CWE-77

Date Published: 2024-10-15

Description:

Authenticated users can inject payloads while creating Universal Normalizer, which gets executed leading to Remote Code Execution.

Affected Product:

Universal Normalizer v5.6.0.

Solution:

Upgrade to Universal Normalizer v5.7.0.

Acknowledgments:

Mehmet D. Ince

Sr. Vulnerability Researcher

Prodaft

Comments

Article is closed for comments.

Related articles

  • Remote Code Execution while creating Report Templates
  • Server-Side Template Injection (SSTI) in Search Template Dashboard
  • Universal Normalizer
  • Arbitrary file deletion through URL Injection to SAML SSO-URL Response
  • Server-Side Template Injection (SSTI) in Search Template Dashboard Queries
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.

Note: We use cookies that are essential for the smooth functioning of our website.