How severe is CVE-2024-11220?

CVE-2024-11220 has a CVSS v3 score of 7.8 (HIGH).

CVE-2024-11220

Name: open_automation_software
Author: openautomationsoftware

7.8HIGH

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file o

Veröffentlicht: 12/6/2024Aktualisiert: 1/23/2025

Beschreibung

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.

KI-AnalyseKI-gestützt

Betroffene Produkte

openautomationsoftwareopen_automation_software

Referenzen

https://openautomationsoftware.com/downloads/
Product
https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-03
US Government Resource