CVE-2024-33857

moderate-risk
Published 2024-05-07

An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery.

Do I need to act?

-
0.21% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.6/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Logpoint

References (4)

Vendor Advisory https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Re...
Product https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center
Vendor Advisory https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Re...
Product https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center
38
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal