THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-5683

Remote Code Execution in Next4Biz's BPM

Assigner:TR-CERT
Reserved:2024-06-06
Published:2024-06-24
Updated:2024-06-24

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5.



CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status
unaffected

6.6.4.4 before 6.6.4.5
affected

Credits

Ertuğrul KUZGUN finder

Ömer Barış EREN finder

References

https://www.usom.gov.tr/bildirim/tr-24-0739

cve.org CVE-2024-5683

nvd.nist.gov CVE-2024-5683

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-5683
Find us on
Data Privacy
Terms of Use
Logo Silicon Valley Europe
Logo BSI Allianz für Cyber-Sicherheit