2 matches found
Cross site request forgery (csrf)
SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service DoS by using the predicted transaction ID's to terminate other transactions...
CVE-2024-25407
CVE-2024-25407 affects SteVe v3.6.0. The issue is that StartTransaction requests use predictable transaction IDs, enabling an attacker to terminate other transactions and cause a DoS. The CVE records consistently describe this vulnerability and note a PoC in one data source; no concrete remediati...