Unauthenticated Remote Attacker Can Inject Log Data Due to Input Validation Flaw
CVE-2024-25997

5.3MEDIUM

Key Information:

What is CVE-2024-25997?

An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected.

CHARX SEC-3000 0 <= 1.5.0

CHARX SEC-3050 0 <= 1.5.0

CHARX SEC-3100 0 <= 1.5.0

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Chris Anastasio

Fabius Watson