CVE-2024-56087 is a vulnerability identified in Logpoint, a security information and event management (SIEM) platform, affecting versions before 7.5.0. The issue arises from improper input validation in the Search Template Dashboard feature, where authenticated users can inject malicious payloads into query templates. These payloads are executed server-side, constituting a Server-Side Template Injection (SSTI) vulnerability classified under CWE-77 (Improper Neutralization of Special Elements used in a Command). SSTI vulnerabilities allow attackers to execute arbitrary code or commands on the server by manipulating template engines. In this case, the attacker must have at least low-level privileges (authenticated user) and the attack complexity is high, meaning exploitation requires specific conditions or knowledge. The vulnerability impacts confidentiality significantly, as attackers could access sensitive data processed or stored by the Logpoint server. Integrity and availability impacts are limited but not negligible, as partial disruption or data manipulation could occur. The CVSS v3.1 score is 5.9 (medium), with vector AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L, indicating the attack requires network access with authentication, high complexity, no user interaction, and affects confidentiality most severely. No public exploits or active exploitation have been reported to date. The absence of patch links suggests that a fix may be forthcoming or users should upgrade to version 7.5.0 or later once available. Organizations relying on Logpoint for security monitoring should be aware of this vulnerability and take immediate steps to mitigate risk.

The primary impact of CVE-2024-56087 is the potential unauthorized disclosure of sensitive information within the Logpoint SIEM environment. Attackers with authenticated access can execute arbitrary template code, potentially extracting confidential logs, credentials, or configuration data. This compromises the confidentiality of security monitoring data, which could lead to further attacks or data breaches. Integrity impact is moderate, as attackers might alter query results or dashboard outputs, misleading security analysts. Availability impact is low but possible if malicious payloads cause server instability or crashes. The requirement for authentication and high attack complexity limits the scope of exploitation, reducing the risk of widespread attacks. However, organizations with many users having access to the Search Template Dashboard or weak internal access controls face higher risk. Given Logpoint's role in security operations, exploitation could undermine incident detection and response capabilities, increasing overall organizational risk.

1. Upgrade Logpoint to version 7.5.0 or later as soon as the patch is officially released to address this vulnerability. 2. Restrict access to the Search Template Dashboard to only trusted and necessary personnel, enforcing the principle of least privilege. 3. Implement strong authentication mechanisms and monitor user activities for suspicious query patterns indicative of injection attempts. 4. Conduct regular security audits and code reviews of custom templates or queries used within Logpoint to detect potential injection vectors. 5. Employ network segmentation to limit access to the Logpoint management interfaces, reducing exposure to internal threats. 6. Use Web Application Firewalls (WAFs) or Intrusion Detection Systems (IDS) configured to detect and block SSTI payloads or unusual template query behavior. 7. Educate administrators and users on the risks of template injection and safe query practices to prevent accidental misuse. 8. Monitor vendor advisories and threat intelligence feeds for updates or exploit reports related to this CVE.