CVE-2024-11318
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-11318 is a newly discovered IDOR (Insecure Direct Object Reference) vulnerability in AbsysNet's software, specifically affecting version 2.3.1. It allows a remote attacker to potentially gain unauthorized access to another user's session by brute-forcing session identifiers via the "/cgi-bin/ocap/" endpoint. Successful exploitation could lead to sensitive data exposure or even session hijacking, posing a significant security risk. AbsysNet is advised to release a patch to address this vulnerability promptly. Until then, users are advised to secure their session identifiers and employ additional authentication measures.