CVE-2024-42048
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-07
Last updated on: 2025-08-29
Assigner: MITRE
Description
Description
OpenOrange Business Framework version 1.15.5 installs to a directory with overly permissive access control, allowing all authenticated users to write to the installation path. In combination with the application's behavior of loading DLLs from this location, this allows for DLL hijacking and may result in arbitrary code execution and privilege escalation.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openorange | business_framework | 1.15.5 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in OpenOrange Business Framework 1.15.5 allows unprivileged users to have write access to the installation directory, which they normally should not have. This means that users without administrative rights can modify files in the installation directory.
How can this vulnerability impact me? :
The vulnerability can allow unprivileged users to modify or replace files in the installation directory, potentially leading to unauthorized changes, execution of malicious code, or disruption of the application.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70