CVE-2024-37777
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-09-09
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zoneland | o2oa | 9.0.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-37777 is a critical remote code execution (RCE) vulnerability in O2OA version 9.0.3. It occurs because the system attempts to block dangerous Java classes using a blacklist to prevent harmful operations in scripts, but this blacklist can be bypassed using Java reflection. Attackers can exploit the Script Activity feature within the Process Application Management module to execute arbitrary system commands remotely by dynamically invoking restricted Java classes and methods, such as Runtime.exec(), allowing them to run commands like opening applications on the server. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker to remotely execute arbitrary system commands on the server running O2OA 9.0.3 without proper authorization. This can lead to full compromise of the affected system, including unauthorized access, data theft, system manipulation, installation of malware, or disruption of services. Because the attacker can run any command, the impact includes complete loss of confidentiality, integrity, and availability of the system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your system is running O2OA version 9.0.3 and by attempting to reproduce the exploit steps. Specifically, you can try to create and execute a Script Activity in the Process Application Management module that uses Java reflection to execute system commands. Monitoring for unusual execution of system commands like 'calc.exe' triggered from the application could indicate exploitation. Since the exploit uses Java reflection to bypass blacklists, commands or scripts that attempt to invoke Runtime.getRuntime().exec() indirectly could be indicators. However, no specific network or system commands are provided in the resources for detection. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include not using or disabling O2OA version 9.0.3 until a patch or update is available. Restrict access to the Process Application Management module, especially for untrusted users, and monitor or disable the Script Activity feature to prevent execution of arbitrary scripts. Additionally, review and strengthen sandboxing and input validation to prevent Java reflection bypasses. Since the vulnerability arises from a bypass of the blacklist, consider applying additional security controls such as network segmentation, application whitelisting, and monitoring for suspicious command executions. The resource does not provide a specific patch or fix, so avoiding use or restricting access is critical. [1]
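The mitigation above calls for strengthening the script sandbox so that a class deny-list cannot be sidestepped through reflection. The following added example (not O2OA's own code, and it assumes a Nashorn-based script engine on a JDK that ships Nashorn, which the page does not state) shows the allow-list approach: only explicitly approved classes are exposed to scripts, and with a ClassFilter installed Nashorn additionally refuses `java.lang.reflect` and `java.lang.invoke` access, so a blocked class cannot be reached indirectly.

```java
import javax.script.ScriptEngine;
import javax.script.ScriptException;
import java.util.Set;
import jdk.nashorn.api.scripting.ClassFilter;
import jdk.nashorn.api.scripting.NashornScriptEngineFactory;

// Allow-list class filter for a script engine (example code, not O2OA's).
// Instead of naming the classes that are forbidden (a deny-list that a
// reflective lookup can bypass), it names the few classes scripts may use.
// Everything else, including java.lang.Class, java.lang.Runtime and the
// whole java.lang.reflect package, is refused by default.
public class AllowListClassFilter implements ClassFilter {

    // Hypothetical allow-list; a real deployment would list only the classes
    // its workflow scripts genuinely need.
    private static final Set<String> ALLOWED = Set.of(
        "java.lang.String",
        "java.lang.Math",
        "java.util.ArrayList",
        "java.util.HashMap");

    @Override
    public boolean exposeToScripts(String className) {
        // Called by Nashorn for every Java class a script tries to resolve.
        return ALLOWED.contains(className);
    }

    public static void main(String[] args) throws ScriptException {
        ScriptEngine engine = new NashornScriptEngineFactory()
            .getScriptEngine(new AllowListClassFilter());

        // Listed class: resolves and runs normally.
        engine.eval("var s = new (Java.type('java.lang.String'))('ok');"
                  + " print(s.toUpperCase());");

        // Unlisted class: Java.type() fails with a wrapped ClassNotFoundException,
        // so the script never obtains a handle to the class at all.
        try {
            engine.eval("Java.type('java.lang.Runtime')");
        } catch (Exception e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

When a script references an unlisted class through the package tree (`java.lang.Runtime`) instead of `Java.type`, Nashorn treats the name as an unknown sub-package and the call fails with a TypeError; either way the class is never handed to the script.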