CVE-2024-6784— SSRF Server Side Request Forgery

CVSS 9.9 · Critical EPSS 0.36% · P58 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-6784

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

SSRF Server Side Request Forgery

Source: NVD (National Vulnerability Database)

Vulnerability Description

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

服务端请求伪造(SSRF)

Source: NVD (National Vulnerability Database)

Vulnerability Title

ABB ASPECT 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ABB ASPECT是瑞士ABB公司的一个可扩展建筑能源管理和控制解决方案。 ABB ASPECT存在安全漏洞，该漏洞源于包含一个服务器端请求伪造漏洞。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE
ABB	ASPECT-Enterprise	0 ~ 3.08.02	-
ABB	NEXUS Series	0 ~ 3.08.02	-
ABB	MATRIX Series	0 ~ 3.08.02	-

II. Public POCs for CVE-2024-6784

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-6784

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2024-6784

Same Patch Batch · ABB · 2024-12-05 · 24 CVEs total

CVE-2024-51555	10.0 CRITICAL	Force Change of Default Credentials
CVE-2024-51551	10.0 CRITICAL	Default Credentials
CVE-2024-51550	10.0 CRITICAL	Data Validation / Sanitization
CVE-2024-51549	10.0 CRITICAL	Absolute Path Traversal
CVE-2024-51545	10.0 CRITICAL	Username Enumeration
CVE-2024-11317	10.0 CRITICAL	PHP Session Fixation
CVE-2024-48839	10.0 CRITICAL	Remote Code Execution, RCE
CVE-2024-48840	10.0 CRITICAL	Unauthorized Access
CVE-2024-51548	9.9 CRITICAL	Dangerous File Upload
CVE-2024-6515	9.6 CRITICAL	unauthorized file access
CVE-2024-48845	9.4 CRITICAL	Weak Password Rules/Strength
CVE-2024-51554	9.1 CRITICAL	off-by-one-error
CVE-2024-6516	9.0 CRITICAL	Cross Site Scripting XSS
CVE-2024-48847	8.2 HIGH	MD5 bypass operation
CVE-2024-51541	8.2 HIGH	Local File Inclusion
CVE-2024-51542	8.2 HIGH	Configuration Download
CVE-2024-51543	8.2 HIGH	Information Disclosure
CVE-2024-51544	8.2 HIGH	Service Control
CVE-2024-48844	7.7 HIGH	Denial of Service, DoS
CVE-2024-48843	7.7 HIGH	Denial of Service, DoS

Showing top 20 of 24 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: ASPECT-Enterprise

Same vendor: ABB

Same weakness: CWE-918

V. Comments for CVE-2024-6784

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-6784— SSRF Server Side Request Forgery

I. Basic Information for CVE-2024-6784

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2024-6784

III. Intelligence Information for CVE-2024-6784

Same Patch Batch · ABB · 2024-12-05 · 24 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-6784

Leave a comment