{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T04:06:38.508","vulnerabilities":[{"cve":{"id":"CVE-2024-5722","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2024-11-22T20:15:10.787","lastModified":"2025-07-10T16:06:07.120","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the HTTP API. The issue results from using a hard-coded cryptographic key. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24170."},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código criptográfico codificado de forma rígida en la API HTTP de Logsign Unified SecOps Platform. Esta vulnerabilidad permite a los atacantes adyacentes a la red ejecutar código arbitrario en las instalaciones afectadas de Logsign Unified SecOps Platform. No se requiere autenticación para explotar esta vulnerabilidad. La falla específica existe dentro de la API HTTP. El problema es el resultado del uso de una clave criptográfica codificada de forma rígida. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de la raíz. Era ZDI-CAN-24170."}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-321"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:logsign:unified_secops_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.6","versionEndExcluding":"6.4.8","matchCriteriaId":"128604F1-8D43-4768-929E-94957151B9E9"}]}]}],"references":[{"url":"https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-24-614/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]}]}}]}