Lucene search
MitreCVE-2024-38453HistoryJul 03, 2024 - 6:15 a.m.
CVE-2024-38453
2024-07-0306:15:04
CWE-522
CWE-922
mitre
web.nvd.nist.gov
36
avalara
salesforce cpq
api key
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
9.2%
The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-2024.
Related
vulnrichment
vulnrichment
CVE-2024-38453
2024-07-03 00:00:00
nvd
nvd
CVE-2024-38453
2024-07-03 06:15:04
cvelist
cvelist
CVE-2024-38453
2024-07-03 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
9.2%
Related for CVE-2024-38453