ATS up to 9.2.8/10.0.3 Plugin access control

Summaryinfo

A vulnerability was found in ATS up to 9.2.8/10.0.3 and classified as critical. The affected element is an unknown function of the component Plugin Handler. The manipulation results in access control. This vulnerability is reported as CVE-2024-56195. No exploit exists. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, was found in ATS up to 9.2.8/10.0.3. Affected is an unknown code of the component Plugin Handler. The manipulation with an unknown input leads to a access control vulnerability. CWE is classifying the issue as CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. This is going to have an impact on confidentiality, integrity, and availability.

The advisory is available at seclists.org. This vulnerability is traded as CVE-2024-56195. The exploitability is told to be easy. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.

The vulnerability scanner Nessus provides a plugin with the ID 232189 (Linux Distros Unpatched Vulnerability : CVE-2024-56195), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 9.2.9 or 10.0.4 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (232189). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Name

• ATS

Version

• 9.2.0
• 9.2.1
• 9.2.2
• 9.2.3
• 9.2.4
• 9.2.5
• 9.2.6
• 9.2.7
• 9.2.8
• 10.0.0
• 10.0.1
• 10.0.2
• 10.0.3

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion