CVE-2024-38879 HIGH

CVE-2024-38879

Vendor Siemens

Product Omnivise T3000 Application Server R9.2

Weakness CWE-20 · Input validation

Published August 2, 2024

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application.

Key dates

02Disclosure timeline

August 2, 2024 CVE published

November 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-38879 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2024-38879

CWE CWE-20

CVSS 7.5 / HIGH

Affected versions

Vendor Siemens

Product Omnivise T3000 Application Server R9.2

Affected < *

Vendor Siemens

Product Omnivise T3000 R8.2 SP3

Affected < *

Vendor Siemens

Product Omnivise T3000 R8.2 SP4

Affected < *

CVE-2024-38879

01Description

02Disclosure timeline

03References

04Related CVE