CVE-2024-34537

TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, and 13.3.1.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp	Vendor Advisory
https://typo3.org/security/advisory/typo3-core-sa-2024-011	Vendor Advisory
https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::

History

03 Sep 2025, 17:31

Type	Values Removed	Values Added
References	~~() https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp -~~	() https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp - Vendor Advisory
References	~~() https://typo3.org/security/advisory/typo3-core-sa-2024-011 -~~	() https://typo3.org/security/advisory/typo3-core-sa-2024-011 - Vendor Advisory
References	~~() https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar -~~	() https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar - Exploit, Third Party Advisory
CWE		NVD-CWE-noinfo
First Time		Typo3 typo3 Typo3
CPE		cpe:2.3:a:typo3:typo3::::::::

Information

Published : 2024-10-28 14:15

Updated : 2025-09-03 17:31

NVD link : CVE-2024-34537

Mitre link : CVE-2024-34537

CVE.ORG link : CVE-2024-34537

JSON object : View

Products Affected

typo3

typo3

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-34537", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2024-10-28T14:15:04.740", "references": [{"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-011", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, and 13.3.1."}, {"lang": "es", "value": "TYPO3 anterior a la versi\u00f3n 13.3.1 permite la denegaci\u00f3n de servicio (error de interfaz) en la barra de marcadores (ext:backend), que puede ser explotada por una cuenta de usuario de backend de nivel de administrador mediante datos manipulados guardados en la barra de marcadores de la interfaz de usuario de backend. Las versiones corregidas son 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS y 13.3.1."}], "lastModified": "2025-09-03T17:31:07.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD52EDD0-01D2-44B1-81FE-248BF4319A09", "versionEndExcluding": "10.4.46", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C628257E-344C-4688-8615-3D84F77FFA13", "versionEndExcluding": "11.5.40", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3CA3D6C-1394-47B8-8774-375E9A522B70", "versionEndExcluding": "12.4.21", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26A3AB06-C773-47E2-9D59-F3B1F754C10D", "versionEndExcluding": "13.3.1", "versionStartIncluding": "13.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}