CVE-2024-39334

MEDIUM

MENDELSON AS4 <2024 B376 - Code Injection

Title source: llm

Description

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. (The server process is not affected.)

References (1)

[Various Sources] https://mendelson-e-c.com/node/27845

Scores

CVSS v3 6.5

EPSS 0.0012

EPSS Percentile 30.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-502

Status draft

Timeline

Published Jun 23, 2024

Tracked Since Feb 18, 2026