Podatność CVE-2024-9984
Publikacja: 2024-10-15

Opis:
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie.

Typ:

CWE-306

 (Missing Authentication for Critical Function)

 Referencje:
https://www.twcert.org.tw/tw/cp-132-8150-c955a-1.html
https://www.twcert.org.tw/en/cp-139-8151-1a4b5-2.html
Copyright 2024, cxsecurity.com

 

Back to Top