Cyber Resilience

CVE-2024-7267

High

Published: 07 August 2024

Published
07 August 2024
Modified
17 March 2025
KEV Added
Patch
CVSS Score v4 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:D/RE:L/U:Green
EPSS Score 0.0027 51.0th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-7267 is a high-severity Exposure of Sensitive Information Due to Incompatible Policies (CWE-213) vulnerability in Nask Ezd Rp. Its CVSS base score is 7.1 (High).

Operationally, ranked in the top 49.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and credentials. This issue affects EZD RP all versions before 19.6

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

nask
ezd rp
≤ 19.6

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-213

Marking hardware components with the permitted impact or classification level directly supports consistent policy enforcement, reducing the chance that sensitive data is processed on an incompatible component and thereby exposed.

addresses: CWE-213

Demands documented authority and policy alignment for PII processing, reducing exposure due to incompatible or absent policies.

addresses: CWE-213

Directly enforces purpose compatibility and policy alignment for PII processing, preventing exposure from incompatible policies.

References