{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-22T13:35:56.993","vulnerabilities":[{"cve":{"id":"CVE-2024-9150","sourceIdentifier":"cvd@cert.pl","published":"2025-02-21T12:15:30.463","lastModified":"2026-06-17T08:24:03.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. An attacker is able use a low privileges account in order to abuse this functionality and execute malicious code, load DLL libraries and executing OS commands on a host system with applications high privileges.\nThis issue has been fixed in version 8.0.00204.0"},{"lang":"es","value":"La función de generación de informes de Wyn Enterprise permite la inclusión de código, pero no limita lo suficiente el código que se puede incluir. Un atacante puede usar una cuenta con privilegios bajos para abusar de esta función y ejecutar código malicioso, cargar librerías DLL y ejecutar comandos del sistema operativo en un sistema host con aplicaciones con privilegios altos. Este problema se ha solucionado en la versión 8.0.00204.0"}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"Wyn Enterprise","product":"Wyn Enterprise","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.0.00204.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-02-21T13:13:26.347317Z","id":"CVE-2024-9150","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-1336"}]}],"references":[{"url":"https://cert.pl/en/posts/2025/02/CVE-2024-9150","source":"cvd@cert.pl"},{"url":"https://efigo.pl/blog/cve-2024-9150/","source":"cvd@cert.pl"},{"url":"https://www.wynenterprise.com/","source":"cvd@cert.pl"}]}}]}