NVD:CVE-2024-9970
History: Oct 15, 2024 - 4:15 a.m.

CVE-2024-9970

2024-10-15 04:15:04
CWE-565
web.nvd.nist.gov
Tags: flowmaster bpm plus, privilege escalation, newtype, remote attackers, administrator, specific cookie

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 20.1%

The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.

Affected configurations

Nvd

Node: newtype flowmaster_bpm_plus, Range <5.3.1

| Vendor | Product | Version | CPE |
|---|---|---|---|
| newtype | flowmaster_bpm_plus | * | cpe:2.3:a:newtype:flowmaster_bpm_plus:*:*:*:*:*:*:*:* |

