CVE-2024-52870
Published: 17 January 2025
Description
Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality (including Chromium Developer Tools) that can result in a client user accessing arbitrary remote websites.
Security Summary
CVE-2024-52870 is a vulnerability in Teradata Vantage Editor 1.0.1, a client application intended primarily for SQL database access and navigation to docs.teradata.com. The flaw stems from unintended functionality embedded in the software, including Chromium Developer Tools, which allows a client user to bypass restrictions and access arbitrary remote websites. Classified under CWE-909, it carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) and was published on 2025-01-17T20:15:28.527.
Exploitation requires local access to the affected system; attack complexity is low and no privileges are needed, though user interaction is necessary. A local attacker could exploit this by tricking a victim into invoking the exposed Developer Tools or related features within the Vantage Editor. Successful exploitation has high confidentiality and integrity impact, such as unauthorized data exposure or manipulation via access to external sites.
Mitigation guidance is available through vendor advisories. Security practitioners should consult Teradata's trust and security center at https://www.teradata.com/trust-security-center/data-security and the detailed analysis at https://chrismanson.com/CVE/cve-2024-52870.html for patches, workarounds, or upgrade recommendations.
Details
- CWE(s)