Lucene search

TR-CERTCVELIST:CVE-2024-7015

HistorySep 09, 2024 - 2:03 p.m.

CVE-2024-7015 Improper Authentication in Profelis Informatics and Consulting's PassBOX

2024-09-0914:03:05

CWE-306

CWE-287

CWE-285

TR-CERT

www.cve.org

cve-2024-7015

authentication abuse

missing authorization

CVSS4

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/SC:H/VI:L/SI:L/VA:N/SA:N

EPSS

0.001

Percentile

39.6%

JSON

Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.This issue affects PassBox: before v1.2.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PassBox",
    "vendor": "Profelis Informatics and Consulting",
    "versions": [
      {
        "lessThan": "v1.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

https://www.usom.gov.tr/bildirim/tr-24-1418