Inclusion of Functionality from Untrusted Control Sphere

CVE-2024-32011

High

8.7/10

Summary

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application user.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

References

Advisory Timeline

Published Nov 11, 2025

Inclusion of Functionality from Untrusted Control Sphere

CVE-2024-32011

Summary

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS