CVE-2024-13971

Published: Apr 30, 2026

Modified: May 17, 2026

PUBLISHED

Description

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

Vendor	Product	Versions
Lobster GmbH	Lobster_pro	affected `0 - < 4.12.6-GA` unaffected `4.12.6-GA`

Weaknesses (CWE)

CWE-611

References

https://www.schutzwerk.com/en/blog/schutzwerk-sa-2024-005/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-13971

Description

Affected Products

Weaknesses (CWE)

References