CVE-2024-48590

9.8 CRITICAL

📋 TL;DR

Inflectra SpiraTeam 7.2.00 contains a Server-Side Request Forgery (SSRF) vulnerability in the NewsReaderService that allows an authenticated attacker to make the server send unauthorized requests to internal systems. This can lead to privilege escalation and exposure of sensitive information. Organizations running SpiraTeam 7.2.00 are affected.

💻 Affected Systems

Products:
  • Inflectra SpiraTeam
Versions: 7.2.00
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 7.2.00 is confirmed affected; other versions may also be vulnerable.

📦 What is this software?

Inflectra SpiraTeam is a web-based application lifecycle management (ALM) platform that combines requirements, test case and defect/issue tracking in one product.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, steal credentials, pivot to other systems, and achieve full system compromise.

🟠 Likely Case

Attackers would exfiltrate sensitive data from internal systems and escalate privileges within SpiraTeam.

🟢 If Mitigated

With proper network segmentation and access controls, impact would be limited to the SpiraTeam server itself.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authentication but is simple to execute once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch available. Monitor Inflectra security advisories for updates.

🔧 Temporary Workarounds

Disable NewsReaderService (applies to: all platforms)

Remove or disable the vulnerable NewsReaderService component. Specific commands depend on the SpiraTeam installation method and OS.

Network Segmentation (applies to: all platforms)

Restrict the SpiraTeam server's outbound network access to only the services it requires. Configure firewall rules to block outbound requests from SpiraTeam to internal networks.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SpiraTeam from sensitive internal systems
  • Monitor for unusual outbound requests from SpiraTeam server

🔍 How to Verify

Check if Vulnerable:

Check the SpiraTeam version in the administration panel; if the version is 7.2.00, the system is vulnerable.

Check Version:

In the SpiraTeam web interface, go to Administration > System Information.

Verify Fix Applied:

Test if NewsReaderService can make requests to internal IP addresses after applying workarounds

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from SpiraTeam server
  • Requests to internal IP addresses from NewsReaderService

Network Indicators:

  • SpiraTeam server making requests to internal services it shouldn't access
  • Unusual traffic patterns from SpiraTeam to internal networks

SIEM Query:

source="spirateam-logs" AND (url CONTAINS "NewsReaderService" OR dest_ip IN [10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16])
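The SIEM query above is pseudo-syntax; the check it describes, as an added example that is not part of the original advisory or of SpiraTeam itself, is implemented below in Python over a few constructed log lines. The key=value log layout, the hostnames and the URLs are assumptions made for the example; the RFC 1918 ranges come from the query above, and the example extends them with loopback and link-local addresses, which an SSRF detection would also want to cover.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample log lines (not real SpiraTeam output); the key=value
# layout is an assumption made for this example.
SAMPLE_LOGS = """\
2024-10-01T09:12:03Z host=spira-app01 svc=NewsReaderService method=GET url=https://example.com/feed.rss status=200
2024-10-01T09:12:41Z host=spira-app01 svc=NewsReaderService method=GET url=http://10.0.4.22/ status=200
2024-10-01T09:13:05Z host=spira-app01 svc=NewsReaderService method=GET url=http://192.168.1.10:8080/status status=403
2024-10-01T09:13:30Z host=spira-app01 svc=NewsReaderService method=GET url=http://localhost/ status=200
2024-10-01T09:14:02Z host=spira-app01 svc=NewsReaderService method=GET url=http://169.254.169.254/ status=200
2024-10-01T09:15:00Z host=spira-app01 svc=WebApp method=GET url=http://10.0.4.22/ status=200
2024-10-01T09:16:00Z host=spira-app01 svc=NewsReaderService method=GET url=http://203.0.113.9/feed.xml status=200
"""

# The RFC 1918 ranges named in the advisory's SIEM query, plus loopback and
# link-local (IPv4 and IPv6) which an SSRF detection should also treat as internal.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one constructed log line into a dict of key=value fields plus 'ts'."""
    fields = dict(KV_RE.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def host_is_internal(hostname):
    """True when the URL host is 'localhost' or a literal address inside INTERNAL_NETS.
    Names that would need DNS resolution are not evaluated here (no lookups offline),
    so this check complements, and does not replace, egress firewall rules."""
    if hostname is None:
        return False
    if hostname.lower() == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(hostname)
    except ValueError:
        return False  # a DNS name, not an IP literal
    return any(addr in net for net in INTERNAL_NETS)


def find_suspicious(log_text, service="NewsReaderService"):
    """Return the requests made by `service` whose destination host is internal."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        if f.get("svc") != service:
            continue
        host = urlsplit(f.get("url", "")).hostname
        if host_is_internal(host):
            hits.append({"ts": f["ts"], "url": f["url"], "host": host,
                         "status": f.get("status")})
    return hits


if __name__ == "__main__":
    for h in find_suspicious(SAMPLE_LOGS):
        print(f"{h['ts']} {h['url']} -> internal host {h['host']} (HTTP {h['status']})")
```

Only IP literals and `localhost` are matched, so a feed URL whose hostname resolves to an internal address would not be flagged by this log check alone; the outbound firewall rule from the workarounds section is what catches that case, and the two controls belong together.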
