CVE-2024-45387
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
23/12/2024
Last modified:
11/02/2025
Description
An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially crafted PUT request.

Users running an affected version of Traffic Ops are recommended to upgrade to Apache Traffic Control 8.0.2.
Impact
Base Score 3.x
9.90
Severity 3.x
CRITICAL
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:apache:traffic_control:*:*:*:*:*:*:*:* | 8.0.0 (including) | 8.0.2 (excluding) |