Netcat Content Management System
CVE-2024-8651
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (kaspersky) · only source for this CVE.
CVSS VectorVendor: kaspersky
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.
Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
AnalysisAI
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-204. A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch. Affected products include: Netcat Netcat Content Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific
Same weakness CWE-204 – Observable Response Discrepancy
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today