CVE-2024-11220
EUVD-2024-3405106.12.2024, 18:15
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openautomationsoftware | open_automation_software | 𝑥 < 20.0.0.76 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| openautomationsoftware | oas_platform | 𝑥 < 20.00.0076 | ADP |
Common Weakness Enumeration
- CWE-279 - Incorrect Execution-Assigned PermissionsWhile it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.
- CWE-732 - Incorrect Permission Assignment for Critical ResourceThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.