CVE-2024-33857

Published: May 7, 2024Modified: Apr 18, 2025

9.6

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Exploitability: 3.1 / Impact: 5.8

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery.

Affected (1)

Products: Logpoint: Siem

Logpoint

1 product

Siem

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Logpoint Siem	Before 7.4.0

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence

Source: cve@mitre.org

Vendor Advisory

https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center

Source: cve@mitre.org

Product

https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.