Search for vulnerabilities
Vulnerability details: VCID-bccy-q51m-b3gy
Vulnerability ID VCID-bccy-q51m-b3gy
Aliases CVE-2024-34537
GHSA-ffcv-v6pw-qhrp
Summary Denial of Service in TYPO3 Bookmark Toolbar ### Problem Due to insufficient input validation, manipulated data saved in the bookmark toolbar of the backend user interface causes a general error state, blocking further access to the interface. Exploiting this vulnerability requires an administrator-level backend user account. ### Solution Update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. ### Credits Thanks to Hendrik Eichner who reported this issue and to TYPO3 core & security team members Oliver Hader and Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2024-011](https://typo3.org/security/advisory/typo3-core-sa-2024-001)
Status Published
Exploitability 0.5
Weighted Severity 4.4
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1286 Improper Validation of Syntactic Correctness of Input
CWE-248 Uncaught Exception
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2024-34537
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2024-34537
cvssv3.1_qr LOW https://github.com/advisories/GHSA-ffcv-v6pw-qhrp
cvssv3.1 2.7 https://github.com/TYPO3-CMS/backend
generic_textual LOW https://github.com/TYPO3-CMS/backend
cvssv3.1 2.7 https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp
cvssv3.1 4.9 https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp
cvssv3.1_qr LOW https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp
generic_textual LOW https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp
ssvc Track https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp
cvssv3.1 2.7 https://nvd.nist.gov/vuln/detail/CVE-2024-34537
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2024-34537
cvssv3.1 2.7 https://typo3.org/security/advisory/typo3-core-sa-2024-011
cvssv3.1 4.9 https://typo3.org/security/advisory/typo3-core-sa-2024-011
generic_textual LOW https://typo3.org/security/advisory/typo3-core-sa-2024-011
ssvc Track https://typo3.org/security/advisory/typo3-core-sa-2024-011
cvssv3.1 2.7 https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar
cvssv3.1 4.9 https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar
generic_textual LOW https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar
ssvc Track https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-34537
https://github.com/TYPO3-CMS/backend
https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp
https://nvd.nist.gov/vuln/detail/CVE-2024-34537
https://typo3.org/security/advisory/typo3-core-sa-2024-011
https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar
GHSA-ffcv-v6pw-qhrp https://github.com/advisories/GHSA-ffcv-v6pw-qhrp
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C Found at https://github.com/TYPO3-CMS/backend
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C Found at https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T16:12:09Z/ Found at https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C Found at https://nvd.nist.gov/vuln/detail/CVE-2024-34537
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C Found at https://typo3.org/security/advisory/typo3-core-sa-2024-011
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://typo3.org/security/advisory/typo3-core-sa-2024-011
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T16:12:09Z/ Found at https://typo3.org/security/advisory/typo3-core-sa-2024-011
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C Found at https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T16:12:09Z/ Found at https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar
Exploit Prediction Scoring System (EPSS)
Percentile 0.53959
EPSS Score 0.00314
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:08:49.631781+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-ffcv-v6pw-qhrp/GHSA-ffcv-v6pw-qhrp.json 36.1.3