CVE-2024-0740

moderate-risk
Published 2024-04-26

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03

Do I need to act?

~
9.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Target Management

Affected Vendors

Eclipse

References (4)

Patch https://git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145
Exploit https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/171
Patch https://git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145
Exploit https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/171
47
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 10/34 · Low
Exposure 5/34 · Minimal