CVE-2024-52870

Jan. 17, 2025, 10:15 p.m.

7.1
High

Description

Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality (including Chromium Developer Tools) that can result in a client user accessing arbitrary remote websites.

Product(s) Impacted

Product Versions
Teradata Vantage Editor
  • 1.0.1

Weaknesses

CWE-909
Missing Initialization of Resource
The product does not initialize a critical resource.

References

https://chrismanson.com/CVE/cve-2024-52870.html
https://www.teradata.com/trust-security-center/data-security

Tags

cve@mitre.org
CWE-909
2025-01-17
CVE-2024-52870

CVSS Score

7.1 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Date

  • Published: Jan. 17, 2025, 8:15 p.m.
  • Last Modified: Jan. 17, 2025, 10:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.