CVE-2024-48849 – FLXEON WebSockets Origin Validation Bypass

The following table lists the changes that have been made to the CVE-2024-48849 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Jan. 29, 2025

    Action Type Old Value New Value
    Added Description Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
    Added CWE CWE-1385
    Added Reference https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch

نوشته های مشابه

CVE-2025-20094 – Microsoft Defense Platform Windows RCE (Shatter)

CVE-2025-23236 – Cisco Defense Platform Home Edition Buffer Overflow Elevates Privileges

CVE-2024-51547 – ABB ASPECT-Enterprise/NEXUS Series/MATRIX Series Hard-coded Credentials Vulnerability

CVE-2024-51450 – IBM Security Verify Directory Command Injection