Publisher: ENISA
Document category: csaf_security_advisory
Initial release date: 2024-05-25T10:00:00.000Z
Engine: Secvisogram 2.5.4
Current release date: 2024-05-28T10:00:00.000Z
Build Date: 2024-05-28T09:31:41.746Z
Current version: 2
Status: final
CVSSv3.1 Base Score: 9.8
Severity:
Original language:
Language: en-US
Also referred to:
Default installations of the product PMB contain a vulnerability that can enable the execution of malicious code.
Vulnerability Description
Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18, from 7.5.1 before 7.5.6-2.
CWE: CWE-502:Deserialization of Untrusted Data
- PMB 7.5.6-2
- PMB 7.5.7
- PMB 7.4.9
- PMB 7.3.18
- Centre for Cybersecurity Belgium (self) https://cert.be/en/advisory/warning-remote-code-inclusion-vulnerability-multiple-versions-pmb-library-software-patch
- CVE Record (self) https://www.cve.org/CVERecord?id=CVE-2024-26289
ENISA thanks the following parties for their efforts:
- Johan Caluwe from CCB / CERT.be for Discovery and coordination
- ANSSI / CERT-FR for Coordination support
Namespace: https://enisa.europa.eu
Version
Date of the revision
Summary of the revision
1 2024-05-22T10:00:00.000Z Initial version.
2 2024-05-28T10:00:00.000Z Additional references added.
TLP:WHITE
For the TLP version see: https://www.first.org/tlp
This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document or materials linked from the document is at your own risk. ENISA as the publisher reserves the right to change or update this document at any time.
New File at advisories/2024 · enisaeu/CNW