WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 27 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-75
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Mon, 23 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Woodwing Elvis Dam
Woodwing Elvis Dam woodwing Elvis Dam
Weaknesses CWE-94
CPEs cpe:2.3:a:woodwing_elvis_dam:woodwing_elvis_dam:*:*:*:*:*:*:*:*
Vendors & Products Woodwing Elvis Dam
Woodwing Elvis Dam woodwing Elvis Dam
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
Description WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-27T14:06:15.365Z

Reserved: 2024-06-10T00:00:00

Link: CVE-2024-37779

cve-icon Vulnrichment

Updated: 2024-09-23T19:57:59.466Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-23T20:15:04.637

Modified: 2024-09-27T14:35:03.517

Link: CVE-2024-37779

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.