Critical Vulnerability in IPC Unigy Management System Allowing Remote Server-Side Request Forgery

CVE-2024-11618
7.3HIGH

Key Information

Vendor
Ipc
Status
Unigy Management System
Vendor
CVE Published:
22 November 2024

Summary

A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Version(s)

Unigy Management System = 04.03.00.08.0027

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Risk change from: null to: 7.3 - (HIGH)

  • VulDB entry last update

  • Vulnerability Reserved.

  • VulDB entry created

  • Advisory disclosed

  • Vulnerability published.

Collectors

NVD DatabaseMitre Database

Credit

braga (VulDB User)
braga (VulDB User)
.