Vulnerability CVE-2024-5996


Published: 2024-06-14

Description:
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the system.

Type:

CWE-319

(Cleartext Transmission of Sensitive Information)

 References:
https://www.twcert.org.tw/tw/cp-132-7873-5ba4c-1.html
https://www.twcert.org.tw/en/cp-139-7874-b6727-2.html

Copyright 2024, cxsecurity.com

 

Back to Top