HIGH
ThreatQuotient
CVE published 2024-12-17
CVE-2024-39703
A command injection vulnerability in the ThreatQuotient ThreatQ Platform API endpoint allows authenticated attackers to achieve remote code execution. The flaw exists in versions prior to 5.29.3 and was disclosed by CISA on December 17, 2024. The vulnerability requires low privileges and no user interaction, making it exploitable by any authenticated user with network access to the platform.