CVE-2024-40711

CriticalKnown ExploitedRansomware

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

hackerone·CWE-502·Published 2024-09-07

CVSS

9.8

EPSS

0.88

KEV

Yes

Exploits

cve.orgen

132 chars

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

NVDen

132 chars

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

Una vulnerabilidad de deserialización de datos no confiables con un payload malicioso puede permitir una ejecución remota de código no autenticada (RCE).

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	9.8	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.0	Primary	cve.org	9.8	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.0	Secondary	NVD	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H