CVE-2024-34537

{"id": "CVE-2024-34537", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2024-10-28T14:15:04.740", "references": [{"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp", "source": "cve@mitre.org"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-011", "source": "cve@mitre.org"}, {"url": "https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, and 13.3.1."}, {"lang": "es", "value": "TYPO3 anterior a la versi\u00f3n 13.3.1 permite la denegaci\u00f3n de servicio (error de interfaz) en la barra de marcadores (ext:backend), que puede ser explotada por una cuenta de usuario de backend de nivel de administrador mediante datos manipulados guardados en la barra de marcadores de la interfaz de usuario de backend. Las versiones corregidas son 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS y 13.3.1."}], "lastModified": "2024-10-31T17:15:12.903", "sourceIdentifier": "cve@mitre.org"}