CVE-2024-0740
Published: 26 April 2024
Summary
CVE-2024-0740 is a critical-severity OS Command Injection (CWE-78) vulnerability in Eclipse Target Management. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 7.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
Eclipse Target Management: Terminal and Remote System Explorer (RSE) versions up to and including 4.5.400 contain a remote code execution vulnerability tracked as CVE-2024-0740. The flaw is associated with CWE-78 and CWE-77, indicating improper neutralization of special elements used in OS commands, and carries a CVSS 3.1 score of 9.8 reflecting network attack vector, low complexity, and no required authentication or user interaction.
An unauthenticated attacker with network access can supply crafted input that results in arbitrary command execution on the affected system, potentially leading to full confidentiality, integrity, and availability impact on the host running the vulnerable Terminal or RSE components.
The vulnerability is addressed in the fixed version shipped with Eclipse IDE 2024-03; relevant changes are documented in Eclipse Git commits and the Eclipse Foundation security advisory at gitlab.eclipse.org/security/vulnerability-reports/-/issues/171.
EPSS for the CVE reached a recorded peak of 0.1236 on 2025-12-11 before receding to the current value of 0.0902.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-16529
Vulnerability details
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.