CVE-2024-2449

LoadMaster Cross-Site Request Forgery (CSRF)

CVSS 7.5 HIGHEPSS 12.9%CWE-352

A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Produtos afetados

Progress Software · LoadMaster

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://progress.com/loadmaster https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449