1. Home
  2. CVE Database
  3. CVE-2024-39334
MEDIUM · 6.5

CVE-2024-39334

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be writte...

Vulnerability Description

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. (The server process is not affected.)

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Related Weaknesses (CWE)

CWE-502

References

FAQ

What is CVE-2024-39334?

CVE-2024-39334 is a vulnerability with a CVSS score of 6.5 (MEDIUM). MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be writte...

How severe is CVE-2024-39334?

CVE-2024-39334 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-39334?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.