CVE-2024-11071

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Apr 7, 2025

CWE ID 942

CWE ID 352

Summary

CVE-2024-11071 is a vulnerability affecting the local API server in Cyberdigm's DestinyECM solution. This issue involves a Permissive Cross-domain Policy with Untrusted Domains, making it susceptible to Cross-Site Request Forgery (CSRF) attacks. Successful CSRF attacks can lead to JSON Hijacking or JavaScript Hijacking via a malicious web page. The specific versions of DestinyECM impacted by this vulnerability have not been explicitly stated, but users are urged to contact the vendor for further information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0bEy4z
https://www.cve.org/CVERecord?id=CVE-2024-11071
https://nvd.nist.gov/vuln/detail/CVE-2024-11071

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-11071

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations