SQL Injection Vulnerability in DTStack Taier Web Console
CVE-2024-41579

9.8CRITICAL

Key Information:

Vendor: DTStack
Status: Taier
Vendor: CVE Published:; 5 December 2024

What is CVE-2024-41579?

DTStack Taier version 1.4.0 is susceptible to a SQL injection vulnerability that allows remote attackers to manipulate the jobName parameter within the console listNames function. This manipulation can lead to unauthorized access to the underlying database, potentially exposing sensitive data. Organizations using this version of Taier should prioritize applying patches and implementing robust security measures to mitigate the risk associated with this vulnerability.

References

https://github.com/DTStack/Taier/issues/1184

https://gist.github.com/nerowander/380707503cfb078cbd6bed...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Jul 18, 2024

CVE-2024-41579 Data

JSON