Which versions of Ssti are affected by CVE-2024-9150?

Organizations using Report generation functionality in Wyn Enterprise face significant risk from CVE-2024-9150 rated CVSS 8.7.

How to fix or mitigate CVE-2024-9150?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Ssti CVE-2024-9150

Q: What is the CVSS score of CVE-2024-9150?

CVE-2024-9150 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.3%.

HIGH

Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336)

2025-02-21 cvd@cert.pl

Information Disclosure Ssti

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:27 vuln.today

CVE Published

Feb 21, 2025 - 12:15 nvd

HIGH 8.7

DescriptionNVD

Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. An attacker is able use a low privileges account in order to abuse this functionality and execute malicious code, load DLL libraries and executing OS commands on a host system with applications high privileges. This issue has been fixed in version 8.0.00204.0

AnalysisAI

Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-1336. Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. An attacker is able use a low privileges account in order to abuse this functionality and execute malicious code, load DLL libraries and executing OS commands on a host system with applications high privileges. This issue has been fixed in version 8.0.00204.0 Version information: version 8.0.00204.0.

Affected ProductsAI

Wyn Enterprise.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More from same product – last 7 days

CVE-2026-41065 HIGH This Week

8.9 Jun 04

Remote code execution in Tautulli versions prior to 2.17.1 allows attackers to achieve unauthenticated RCE on fresh inst

CVE-2026-44181 CRITICAL Act Now

Jun 03

Server-side template injection in Jupyter Enterprise Gateway versions 2.0.0rc2 through 3.2.x allows remote attackers to

CVE-2024-9150 vulnerability details – vuln.today

Back

Ssti CVE-2024-9150

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

More from same product – last 7 days

Share

Ssti CVE-2024-9150

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code