CVE-2024-37899 — AI Deep Analysis Summary

🚨 **Essence**: Disabling a user account changes its author identity. 💥 **Consequence**: Attackers can hijack this identity to execute **Remote Code Execution (RCE)**. Critical integrity loss!

🛡️ **Root Cause**: **CWE-94** (Code Injection). The flaw lies in how the system handles author attribution when accounts are disabled, allowing malicious code injection via the altered author context.

📦 **Affected**: XWiki Platform versions **before** 14.10.21, 15.5.5, 15.10.6, and 16.0.0. 📅 **Published**: June 20, 2024.

💀 **Impact**: Full **RCE**. Attackers gain High Confidentiality, Integrity, and Availability impact. They can run arbitrary code on the server, not just view data!

⚠️ **Threshold**: **Low**. CVSS: AV:N (Network), AC:L (Low Complexity), PR:L (Low Privileges needed), UI:R (User Interaction). You need low-level access and a click, but it's easy to exploit.

🔍 **Exploit Status**: No public PoC listed in data. However, the CVSS score (9.8) suggests high severity. **Assume Wild Exploitation is possible** soon. Don't wait!

🔎 **Self-Check**: Scan for XWiki Platform versions < 14.10.21 / 15.5.5 / 15.10.6 / 16.0.0. Look for user management features where account disabling triggers author changes.

✅ **Fixed**: Yes! Official patches released in versions **14.10.21**, **15.5.5**, **15.10.6**, and **16.0.0**. Check the GitHub commit for the fix.

🚧 **No Patch?**: Isolate the instance. Restrict user account management permissions. Monitor logs for unusual author changes during account disablement. **Upgrade ASAP**.

🔥 **Urgency**: **CRITICAL**. CVSS 9.8 is nearly perfect. RCE via simple user interaction is a nightmare. **Patch immediately** to prevent server takeover!