Omnivise T3000 App Server authentication bypass: internal application port exposed on the public network interface
CVE-2024-38879 Published on August 2, 2024
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2024-38879
- Siemens Omnivise T3000 Application Server
- Siemens Omnivise T3000
Affected Versions
Siemens Omnivise T3000 Application Server R9.2:
- Before * is affected.
- Before * is affected.
- Before * is affected.
- Version r9.2, <= * is affected.
- Version r8.2_sp3, <= * is affected.
- Version r8.2_sp4, <= * is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.