CVE-2024-6644

MEDIUM

zmops ArgusDBM <0.1.0 - Deserialization

Title source: llm

Description

A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical. Affected is the function getDefaultClassLoader of the file CalculateAlarm.java of the component AviatorScript Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-271050 is the identifier assigned to this vulnerability.

References (4)

[Issue Tracking] https://github.com/zmops/ArgusDBM/issues/64

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.271050

[Permissions Required, VDB Entry] https://vuldb.com/?id.271050

[Permissions Required, VDB Entry] https://vuldb.com/?submit.367347

Scores

CVSS v3 6.3

EPSS 0.0024

EPSS Percentile 46.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-502

Status draft

Timeline

Published Jul 10, 2024

Tracked Since Feb 18, 2026