CVE-2024-52057 CRITICAL

CVE-2024-52057: Potential arbitrary SQL query execution in Queuing Service while parsing malicious remote commands or configuration files

Vendor Rti

Product Connext Professional

Weakness CWE-89 · SQLi

Published December 13, 2024

Last update February 7, 2025

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0, from 6.1.0 before 6.1.2.17, from 6.0.0 before 6.0.*, from 5.2.0 before 5.3.*.

Key dates

02Disclosure timeline

December 13, 2024 CVE published

February 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-52057 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

Identifiers

CVE CVE-2024-52057

CWE CWE-89

CVSS 9.1 / CRITICAL

Affected versions

Vendor Rti

Product Connext Professional

Affected ≥ 7.0.0 and < 7.3.0

Vendor Rti

Product Connext Professional

Affected ≥ 5.2.0 and < 6.1.2.17

CVE-2024-52057: Potential arbitrary SQL query execution in Queuing Service while parsing malicious remote commands or configuration files

01Description

02Disclosure timeline

03References

04Related CVE