ByteOS Network

Vulnerability Details :

CVE-2024-42048

Summary

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-07 Aug, 2025 | 00:00

Updated At-07 Aug, 2025 | 20:35

OpenOrange Business Framework 1.15.5 provides unprivileged users with write access to the installation directory.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:07 Aug, 2025 | 00:00

Updated At:07 Aug, 2025 | 20:35

▼CVE Numbering Authority (CNA)

OpenOrange Business Framework 1.15.5 provides unprivileged users with write access to the installation directory.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order	N/A
https://support.microsoft.com/en-us/topic/secure-loading-of-libraries-to-prevent-dll-preloading-attacks-d41303ec-0748-9211-f317-2edc819682e1	N/A
https://resources.infosecinstitute.com/topic/dll-hijacking	N/A
https://attack.mitre.org/techniques/T1574/001	N/A
https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya	N/A
https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexa	N/A
https://www.openorange.com	N/A
https://landings.openorange.com/l/erp-peru-a.html	N/A
https://raw.githubusercontent.com/securityadvisories/Security-Advisories/refs/heads/main/Advisories/Blaze%20Information%20Security%20-%20DLL%20Hijacking%20in%20OpenOrange%20Business%20Framework%20Allows%20Arbitrary%20Code%20Execution%20and%20Potential%20Privilege%20Escalation.txt	N/A

Hyperlink: https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order

Resource: N/A

Hyperlink: https://support.microsoft.com/en-us/topic/secure-loading-of-libraries-to-prevent-dll-preloading-attacks-d41303ec-0748-9211-f317-2edc819682e1

Resource: N/A

Hyperlink: https://resources.infosecinstitute.com/topic/dll-hijacking

Resource: N/A

Hyperlink: https://attack.mitre.org/techniques/T1574/001

Resource: N/A

Hyperlink: https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya

Resource: N/A

Hyperlink: https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexa

Resource: N/A

Hyperlink: https://www.openorange.com

Resource: N/A

Hyperlink: https://landings.openorange.com/l/erp-peru-a.html

Resource: N/A

Hyperlink: https://raw.githubusercontent.com/securityadvisories/Security-Advisories/refs/heads/main/Advisories/Blaze%20Information%20Security%20-%20DLL%20Hijacking%20in%20OpenOrange%20Business%20Framework%20Allows%20Arbitrary%20Code%20Execution%20and%20Potential%20Privilege%20Escalation.txt

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-284	CWE-284 Improper Access Control

Type: CWE

CWE ID: CWE-284

Description: CWE-284 Improper Access Control

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:07 Aug, 2025 | 17:15

Updated At:07 Aug, 2025 | 21:26

OpenOrange Business Framework 1.15.5 provides unprivileged users with write access to the installation directory.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-284	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-284

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://attack.mitre.org/techniques/T1574/001	cve@mitre.org	N/A
https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya	cve@mitre.org	N/A
https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexa	cve@mitre.org	N/A
https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order	cve@mitre.org	N/A
https://landings.openorange.com/l/erp-peru-a.html	cve@mitre.org	N/A
https://raw.githubusercontent.com/securityadvisories/Security-Advisories/refs/heads/main/Advisories/Blaze%20Information%20Security%20-%20DLL%20Hijacking%20in%20OpenOrange%20Business%20Framework%20Allows%20Arbitrary%20Code%20Execution%20and%20Potential%20Privilege%20Escalation.txt	cve@mitre.org	N/A
https://resources.infosecinstitute.com/topic/dll-hijacking	cve@mitre.org	N/A
https://support.microsoft.com/en-us/topic/secure-loading-of-libraries-to-prevent-dll-preloading-attacks-d41303ec-0748-9211-f317-2edc819682e1	cve@mitre.org	N/A
https://www.openorange.com	cve@mitre.org	N/A

Hyperlink: https://attack.mitre.org/techniques/T1574/001

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexa

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://landings.openorange.com/l/erp-peru-a.html

Source: cve@mitre.org

Resource: N/A

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://resources.infosecinstitute.com/topic/dll-hijacking

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://support.microsoft.com/en-us/topic/secure-loading-of-libraries-to-prevent-dll-preloading-attacks-d41303ec-0748-9211-f317-2edc819682e1

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.openorange.com

Source: cve@mitre.org

Resource: N/A

Similar CVEs

53Records found

CVE-2024-41251

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-6.5||MEDIUM

EPSS-0.17% / 38.42%

7 Day CHG~0.00%

Published-07 Aug, 2024 | 00:00

Updated-13 Mar, 2025 | 21:15

An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration.

Vendor-lopalopa n/a Kashipara Group

Product-responsive_school_management_system n/a responsive_school_management_system

CWE ID-CWE-284

Improper Access Control

CVE-2021-1389

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-5.8||MEDIUM

EPSS-0.23% / 45.24%

7 Day CHG~0.00%

Published-04 Feb, 2021 | 16:40

Updated-08 Nov, 2024 | 23:52

Cisco IOS XR and Cisco NX-OS Software IPv6 Access Control List Bypass Vulnerability

A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent through an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 packets that traverse the affected device. A successful exploit could allow the attacker to access resources that would typically be protected by the interface ACL.

Vendor-Cisco Systems, Inc.

Product-ncs_5502-se ncs_5508 ncs_5501 ncs_540 ncs_560 nx-os ncs_5516 nexus_9500_r nexus_3600 ios_xr ncs_5502 ncs_5501-se Cisco IOS XR Software

CWE ID-CWE-284

Improper Access Control

CVE-2020-7573

Matching Score-4

Assigner-Schneider Electric

View Details

Matching Score-4

Assigner-Schneider Electric

CVSS Score-6.5||MEDIUM

EPSS-0.20% / 42.11%

7 Day CHG~0.00%

Published-19 Nov, 2020 | 21:02

Updated-04 Aug, 2024 | 09:33

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control.

Vendor-n/a

Product-webreports EcoStruxure Building Operation WebReports V1.9 - V3.1

CWE ID-CWE-284

Improper Access Control

CVE-2024-42048

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs