CVE-2024-28028 HIGH

CVE-2024-28028

Vendor N/A

Product Intel(R) Neural Compressor software

Weakness CWE-20 · Input validation

Published November 13, 2024

Last update November 14, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Adjacent

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Key dates

02Disclosure timeline

November 13, 2024 CVE published

November 14, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-28028 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

04Related CVE

CVE-2021-35254 Authenticated Remote Code Execution in WebHelpDesk 12.7.8 CVE-2025-59535 DotNetNuke.Core allows loading of unused themes on anonymous clients through query parameters CVE-2019-18995 ABB PB610 HMISimulator does not check content-length of the HTTP request CVE-2024-25090 Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode CVE-2026-44294 protobufjs: Denial of service from crafted field names in generated code

Identifiers

CVE CVE-2024-28028

CWE CWE-20

CVSS 7.5 / HIGH

Affected versions

Vendor N/A

Product Intel(R) Neural Compressor software

Affected before version v3.0