CVE-2024-24811 — CRITICAL (9.8)

Q: How severe is CVE-2024-24811?

CVE-2024-24811 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-24811?

Check the references section above for vendor advisories and patch information. Affected products include: Zope Sqlalchemyda.

Vulnerability Description

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zope	Sqlalchemyda	< 2.2

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2024-24811?

CVE-2024-24811 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQ...

How severe is CVE-2024-24811?

CVE-2024-24811 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-24811?

Check the references section above for vendor advisories and patch information. Affected products include: Zope Sqlalchemyda.