Platform: other
Component: armalife
Fixed in: 20250916.0.1
CVE-2024-13149 describes a SQL Injection vulnerability within Armalife, allowing unauthorized access to sensitive data. This flaw stems from improper neutralization of special elements in SQL commands. The vulnerability affects versions of Armalife up to and including 20250916. A patch is available in version 20250916.0.1.
Successful exploitation of this SQL Injection vulnerability allows an attacker to inject malicious SQL code into Armalife's database queries. This can lead to the unauthorized extraction of sensitive information, including user credentials, financial data, or other confidential records stored within the database. Depending on the database permissions and the attacker's skill, they could potentially modify or delete data, leading to data integrity issues and service disruption. The impact is particularly severe given the CRITICAL CVSS score, indicating a high likelihood of successful exploitation and significant potential damage.
CVE-2024-13149 was published on 2025-09-16. As of this date, no public proof-of-concept (PoC) code has been released. The vendor has not confirmed completion of the fixing process within the specified time, so ongoing monitoring is required. The vulnerability's severity and the potential for data exfiltration warrant careful attention.
EPSS: 0.04% (11th percentile)
The primary mitigation for CVE-2024-13149 is to immediately upgrade Armalife to version 20250916.0.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as input validation and sanitization on all user-supplied data that is used in SQL queries. Web Application Firewalls (WAFs) configured with rules to detect and block SQL Injection attempts can also provide a layer of protection. Monitor database logs for suspicious SQL queries that might indicate an ongoing attack.
Update Armalife to a version later than 20250916, if available, that fixes the SQL Injection vulnerability. Consult the release notes or the vendor for more details about the update and the fixes implemented. If no version is available, contact the vendor for a patch or a workaround.
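The version check behind the upgrade advice, as an added example (not vendor code): it classifies installed Armalife versions against the fixed release named in this advisory, comparing segments numerically so that `20250916` and `20250916.0.10` are ordered correctly. The inventory, host names and the tolerated `v` prefix are assumptions.

```python
import re

FIXED_IN = "20250916.0.1"  # "Fixed in" value stated in this advisory


def parse_version(text):
    """Turn '20250916.0.1' into (20250916, 0, 1); reject non-numeric strings."""
    text = text.strip().lstrip("vV")  # assumption: a leading 'v' may be present
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(installed, fixed=FIXED_IN):
    """True when `installed` sorts before the fixed release.

    The shorter version is padded with zeros, so '20250916' is treated as
    '20250916.0.0' and sorts before '20250916.0.1'. Comparing the raw strings
    instead would misorder multi-digit segments such as '.10' and '.2'.
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def triage(inventory):
    """Map host -> 'affected' / 'fixed' / 'unknown' for a {host: version} dict."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            result[host] = "unknown"  # flag for manual review, never assume fixed
    return result


if __name__ == "__main__":
    # Constructed inventory: hypothetical hosts and version strings.
    sample = {
        "app-01": "20250916",
        "app-02": "20250916.0.1",
        "app-03": "20250916.0.10",
        "app-04": "v20250101.3",
        "app-05": "unknown-build",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```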
CVE-2024-13149 is a critical SQL Injection vulnerability affecting Armalife versions up to 20250916, allowing attackers to potentially extract sensitive data from the database.
If you are using Armalife versions prior to 20250916.0.1, you are potentially affected by this vulnerability. Check your version and upgrade immediately.
Upgrade Armalife to version 20250916.0.1 or later to resolve this vulnerability. Consider temporary workarounds like input validation if immediate upgrade is not possible.
As of the publication date, there is no confirmed active exploitation, but the vulnerability's severity warrants proactive mitigation.
Refer to the Armalife vendor advisory for detailed information and updates regarding CVE-2024-13149.