CVE-2024-2377

{"id": "CVE-2024-2377", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.9}]}, "published": "2024-04-30T13:15:46.830", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true", "source": "cybersecurity@hitachienergy.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "description": [{"lang": "en", "value": "CWE-346"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information."}, {"lang": "es", "value": "Existe una vulnerabilidad en la configuraci\u00f3n del servidor web del encabezado de respuesta HTTP demasiado permisiva del SDM600. Un atacante puede aprovechar esto y posiblemente realizar acciones privilegiadas y acceder a informaci\u00f3n confidencial."}], "lastModified": "2024-04-30T17:52:35.057", "sourceIdentifier": "cybersecurity@hitachienergy.com"}