TYPO3 <13.3.1 Denial of Service via Bookmark Toolbar (ext:backend): CVE-2024-34537 October 2024

TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, and 13.3.1.

Vulnerability Analysis

CVE-2024-34537 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Products Associated with CVE-2024-34537

Want to know whenever a new CVE is published for TYPO3? stack.watch will email you.

Exploit Probability

EPSS

0.25%

Percentile

47.98%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

TYPO3 <13.3.1 Denial of Service via Bookmark Toolbar (ext:backend)CVE-2024-34537 Published on October 28, 2024

Vulnerability Analysis

Products Associated with CVE-2024-34537

Exploit Probability

TYPO3 <13.3.1 Denial of Service via Bookmark Toolbar (ext:backend)
CVE-2024-34537 Published on October 28, 2024