Byte Open Security

(ByteOS Network)

PlexTrac, Inc.

#5fea7123-217b-4b2d-ada8-8892719b43cd

Short Name

PlexTrac

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

plextrac.com

Country

USA

Scope

Vulnerabilities within PlexTrac’s products.
8 Vulnerabilities found

CVE-2024-12687
Assigner-PlexTrac, Inc.
CVSS Score-8.6||HIGH
EPSS-0.13% / 32.63%
7 Day CHG~0.00%
Published-16 Dec, 2024 | 19:09
Updated-17 Dec, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure YAML Deserialization

Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

Action-Not Available
Vendor-PlexTrac
Product-PlexTrac
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-11839
Assigner-PlexTrac, Inc.
CVSS Score-8.6||HIGH
EPSS-0.13% / 33.83%
7 Day CHG+0.01%
Published-13 Dec, 2024 | 05:51
Updated-23 Dec, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Deserialization via Runbooks Imports

Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

Action-Not Available
Vendor-PlexTrac
Product-PlexTrac
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-11838
Assigner-PlexTrac, Inc.
CVSS Score-8.6||HIGH
EPSS-0.12% / 32.09%
7 Day CHG+0.01%
Published-13 Dec, 2024 | 05:51
Updated-16 Dec, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local File Inclusion

External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

Action-Not Available
Vendor-PlexTrac
Product-PlexTrac
CWE ID-CWE-73
External Control of File Name or Path
CVE-2024-11837
Assigner-PlexTrac, Inc.
CVSS Score-8.6||HIGH
EPSS-0.21% / 43.14%
7 Day CHG+0.02%
Published-13 Dec, 2024 | 05:50
Updated-16 Dec, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
N1QL Injection

Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

Action-Not Available
Vendor-PlexTrac
Product-PlexTrac
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-11836
Assigner-PlexTrac, Inc.
CVSS Score-8.6||HIGH
EPSS-0.09% / 27.21%
7 Day CHG+0.01%
Published-13 Dec, 2024 | 05:50
Updated-16 Dec, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-side Request Forgery

Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

Action-Not Available
Vendor-PlexTrac
Product-PlexTrac
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-11835
Assigner-PlexTrac, Inc.
CVSS Score-7||HIGH
EPSS-0.12% / 32.09%
7 Day CHG+0.01%
Published-13 Dec, 2024 | 05:49
Updated-16 Dec, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service

Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

Action-Not Available
Vendor-PlexTrac
Product-PlexTrac
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-11834
Assigner-PlexTrac, Inc.
CVSS Score-8.9||HIGH
EPSS-0.20% / 42.25%
7 Day CHG+0.04%
Published-13 Dec, 2024 | 05:49
Updated-16 Dec, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Write via PTRAC Import

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

Action-Not Available
Vendor-PlexTrac
Product-PlexTrac
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-11833
Assigner-PlexTrac, Inc.
CVSS Score-8.9||HIGH
EPSS-0.20% / 41.95%
7 Day CHG+0.02%
Published-13 Dec, 2024 | 05:49
Updated-16 Dec, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary Directory Write via Runbooks Artifact Upload

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

Action-Not Available
Vendor-PlexTrac
Product-PlexTrac
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')