CVE-2024-12801
Description
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback versions 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves modifying the DOCTYPE declaration in XML configuration files.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L
EPSS Score
Exploitation Probability
0.046
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2024-12798, CVE-2024-12801 are fixed in QOS.ch-logback-core 1.5.13 | Windows |
| Vulnerabilities CVE-2024-12798, CVE-2024-12801 are fixed in QOS.ch-logback-core 1.3.15 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.1 | Windows |
| Vulnerabilities CVE-2024-12798, CVE-2024-12801 are fixed in QOS.ch-logback-core for Linux 1.5.13 | Linux |
| Vulnerabilities CVE-2024-12798, CVE-2024-12801 are fixed in QOS.ch-logback-core for Linux 1.3.15 | Linux |
| CVE-2024-12801 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234