Keyfactor Command Vulnerable to SQL Injection, Code Execution and Privilege Escalation
CVE-2024-33872

9.8CRITICAL

Key Information:

Vendor: Keyfactor
Status: Keyfactor Command
Vendor: CVE Published:; 20 August 2024

What is CVE-2024-33872?

A SQL Injection vulnerability has been identified in Keyfactor Command versions 10.5.x prior to 10.5.1 and 11.5.x before 11.5.1. This flaw allows an attacker to manipulate SQL queries, potentially leading to unauthorized code execution and escalation of privileges, thereby compromising the security and integrity of the application. Organizations using these versions should apply security patches and updates to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2024
Vulnerability Reserved
Apr 27, 2024

JSON

Keyfactor

What is CVE-2024-33872?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.