Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Mar 28, 2024

CVE-2024-27198

High
CVSS 9.8EPSS 94.6%CISA KEVRansomware
JetBrains/TeamCity

Description

JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.

CVSS Score

9.8/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS — Exploit Probability

94.6%

Higher than 100.0% of all CVEs

Weakness Classification (CWE)

CWE-288CWE-288MITRE

Required Action

https://www.jetbrains.com/help/teamcity/teamcity-2023-11-4-release-notes.html; https://nvd.nist.gov/vuln/detail/CVE-2024-27198

Risk Assessment

CRITICAL
In CISA KEV
Critical CVSS
High EPSS
Ransomware

Details

Severity
High
CVSS
9.8
EPSS
94.6%
CWE
CWE-288
CISA KEV
Yes
Ransomware
Known
Articles
0

Timeline

Published

Mar 7, 2024

Added to KEV

Mar 7, 2024

Remediation Due

Mar 28, 2024

Affected Product

JetBrains

TeamCity

View all JetBrains CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE