Vulnerability CVE-2024-22179


Published: 2024-04-18   Modified: 2024-04-19

Description:

The application is vulnerable to an unauthenticated parameter
manipulation that allows an attacker to set the credentials to blank
giving her access to the admin panel. Also vulnerable to account
takeover and arbitrary password change.

Type:

CWE-302

(Authentication Bypass by Assumed-Immutable Data)

 References:
https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02

Copyright 2024, cxsecurity.com

 

Back to Top