CVE-2024-38453

2024-07-0300:00:00

mitre

github.com

avalara

salesforce

cpq

vulnerability

api key

AI Score

6.8

Confidence

Low

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

JSON

The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-2024.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:avalara:avalara_for_salesforce_cpq:*:*:*:*:*:*:*:*"
    ],
    "vendor": "avalara",
    "product": "avalara_for_salesforce_cpq",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "7.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]