CVE-2024-24256 identifies a SQL Injection vulnerability in the Yonyou space-time enterprise information integration platform, version 9.0 and earlier. The vulnerability is located in the saveMove.jsp file within the hr_position directory, where the gwbhAIM parameter is improperly sanitized. This improper input validation allows an attacker to inject malicious SQL code, which the backend database executes. The vulnerability is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). According to the CVSS 3.1 vector, the attack vector is local (AV:L), requiring the attacker to have local access to the system but no privileges (PR:N) or user interaction (UI:N). The impact affects confidentiality, integrity, and availability to a limited extent (C:L/I:L/A:L), with an overall CVSS score of 5.9 (medium severity). Exploitation could lead to unauthorized access to sensitive data stored in the database, potential data manipulation, or disruption of service. No patches or known exploits are currently reported, indicating the vulnerability is newly disclosed and unmitigated. The lack of remote exploitation capability reduces the immediate threat level but does not eliminate risk in environments where local access can be obtained, such as internal networks or compromised user accounts.

The vulnerability poses a moderate risk to organizations using the affected Yonyou platform. Successful exploitation can lead to unauthorized disclosure of sensitive enterprise information, which may include employee data, organizational structure, or other HR-related data managed via the hr_position module. Data integrity could also be compromised, potentially affecting business operations or compliance with data protection regulations. Availability impact is limited but could disrupt internal processes relying on the platform. Since exploitation requires local access without privileges, the threat is primarily from insider threats or attackers who have already breached perimeter defenses. The absence of public exploits reduces the likelihood of widespread attacks currently, but the vulnerability could be leveraged in targeted attacks or combined with other exploits for privilege escalation. Organizations relying heavily on Yonyou solutions for enterprise integration should consider this a significant risk to internal data confidentiality and integrity.

To mitigate this vulnerability, organizations should first verify if they are running Yonyou space-time enterprise information integration platform version 9.0 or earlier. Since no official patches are currently available, immediate steps include restricting local access to trusted users only and monitoring for suspicious activity on systems hosting the platform. Implement network segmentation to limit access to internal management interfaces. Conduct a thorough code review of the saveMove.jsp and related components to identify and fix improper input validation, specifically sanitizing the gwbhAIM parameter to prevent SQL injection. Employ web application firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting this parameter. Additionally, enforce strict access controls and audit logs to detect potential exploitation attempts. Organizations should stay alert for vendor updates or patches and apply them promptly once released. Regular security training for internal users can reduce the risk of insider threats exploiting local access.