CVE-2024-55354

{"id": "CVE-2024-55354", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "published": "2025-04-08T22:15:14.887", "references": [{"url": "https://dev.lucee.org/t/lucee-cve-2024-55354-security-advisory-april-2025/14963", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-807"}]}], "descriptions": [{"lang": "en", "value": "Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expected to be blocked and access resources that would be expected to be protected."}, {"lang": "es", "value": "En Lucee anterior a 5.4.7.3 LTS y 6 anterior a 6.1.1.118, cuando un atacante puede colocar archivos en el servidor, es vulnerable a una falla del mecanismo de protecci\u00f3n que puede permitir que un atacante ejecute c\u00f3digo que se esperar\u00eda que estuviera bloqueado y acceda a recursos que se esperar\u00eda que estuvieran protegidos."}], "lastModified": "2025-04-10T00:15:17.633", "sourceIdentifier": "[email protected]"}