CVE Database · CVE-2024-36130
CVSS v3.1
9.8
EPSS
2.25%
Published
Aug 7, 2024
Modified
Mar 13, 2025
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWeaknesses (CWE)
Affected Products (1)
References (1)