Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-13971
PUBLISHED
More InfoOfficial Page
Assigner-SCHUTZWERK
Assigner Org ID-23637b5d-af4c-4cf9-b8f6-deb7fd0f8423
View Known Exploited Vulnerability (KEV) details
Published At-30 Apr, 2026 | 12:11
Updated At-30 Apr, 2026 | 13:15
Rejected At-
▼CVE Numbering Authority (CNA)
Arbitrary File Read and Server Side Request Forgery via XML External Entities in Lobster_pro

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

Affected Products
Vendor
Lobster GmbH
Product
Lobster_pro
Platforms
  • Windows
Default Status
unknown
Versions
Affected
  • From 0 before 4.12.6-GA (custom)
Unaffected
  • 4.12.6-GA (custom)
Problem Types
TypeCWE IDDescription
CWECWE-611CWE-611 Improper Restriction of XML External Entity Reference
Type: CWE
CWE ID: CWE-611
Description: CWE-611 Improper Restriction of XML External Entity Reference
Metrics
VersionBase scoreBase severityVector
4.07.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/V:C
Version: 4.0
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/V:C
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-497CAPEC-497 File Discovery
CAPEC-664CAPEC-664 Server Side Request Forgery
CAPEC ID: CAPEC-497
Description: CAPEC-497 File Discovery
CAPEC ID: CAPEC-664
Description: CAPEC-664 Server Side Request Forgery
Solutions

Update to Lobster_pro release 4.12.6-GA or higher.

Configurations
Workarounds
Exploits
Credits
finder
Marcelo Reyes of SCHUTZWERK GmbH
Timeline
EventDate
Initial contact with vendor2024-08-12 11:00:00
Vulnerability reported to vendor2024-08-14 11:00:00
CVE ID requested2024-08-14 11:00:00
Initial feedback received from vendor: unable to reproduce2024-08-22 11:00:00
Vulnerability demonstrated in vendor's "Community server"2024-08-28 11:00:00
Vulnerability reported fixed by vendor in Lobster_pro release 4.12.6-GA2024-09-19 11:00:00
Reserved CVE ID CVE-2024-139712025-07-03 11:00:00
Advisory released2026-04-30 11:00:00
Event: Initial contact with vendor
Date: 2024-08-12 11:00:00
Event: Vulnerability reported to vendor
Date: 2024-08-14 11:00:00
Event: CVE ID requested
Date: 2024-08-14 11:00:00
Event: Initial feedback received from vendor: unable to reproduce
Date: 2024-08-22 11:00:00
Event: Vulnerability demonstrated in vendor's "Community server"
Date: 2024-08-28 11:00:00
Event: Vulnerability reported fixed by vendor in Lobster_pro release 4.12.6-GA
Date: 2024-09-19 11:00:00
Event: Reserved CVE ID CVE-2024-13971
Date: 2025-07-03 11:00:00
Event: Advisory released
Date: 2026-04-30 11:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.schutzwerk.com/en/blog/schutzwerk-sa-2024-005/
N/A
Hyperlink: https://www.schutzwerk.com/en/blog/schutzwerk-sa-2024-005/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found