Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2024-48008

ASP.NET Misconfiguration: Creating Debug Binary

Published: Dec 13, 2024 | Modified: Feb 04, 2025
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2024-48008
CWEhttps://cwe.mitre.org/data/definitions/11.html

Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. An Low privileged remote attacker could potentially exploit this vulnerability leading to information disclosure ,allowing of unintended actions like reading files that may contain sensitive information

Weakness

Debugging messages help attackers learn about the system and plan a form of attack.

Affected Software

Name Vendor Start Version End Version
Recoverpoint_for_virtual_machines Dell 6.0-sp1 (including) 6.0-sp1 (including)
Recoverpoint_for_virtual_machines Dell 6.0-sp1_p1 (including) 6.0-sp1_p1 (including)

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use