Server-Side Template Injection Vulnerability in Logpoint Products
CVE-2024-56085
Currently unrated
What is CVE-2024-56085?
A critical security vulnerability identified as CVE-2024-56085 has been discovered in Logpoint products before version 7.5.0. This vulnerability allows authenticated users to exploit the system by injecting malicious payloads during the creation of Search Template Dashboards. The server processes these payloads, resulting in Server-Side Template Injection (SSTI), which may allow attackers to manipulate server-side execution context and potentially access sensitive information or execute unauthorized commands. Organizations using vulnerable Logpoint versions should prioritize updating to version 7.5.0 or later to mitigate this risk.