Lucene search

MicrosoftCVE-2024-38164

HistoryJul 23, 2024 - 10:15 p.m.

CVE-2024-38164

2024-07-2322:15:08

CWE-284

microsoft

web.nvd.nist.gov

access control

groupme

unauthenticated attacker

privilege elevation

malicious link

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

56.1%

JSON

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.

Affected configurations

Nvd

Vulners

Node

microsoftgroupmeMatch-

VendorProductVersionCPE
microsoftgroupme-cpe:2.3:a:microsoft:groupme:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	groupme	-	cpe:2.3:a:microsoft:groupme:-:::::::*

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "GroupMe",
    "cpes": [
      "cpe:2.3:a:microsoft:groupme:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "N/A",
        "status": "affected"
      }
    ]
  }
]

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38164

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

56.1%

JSON

Related for CVE-2024-38164