CVE-2024-13111

CVSS 3.1 Score 5.6 of 10 (medium)

Details

Published Jan 2, 2025
CWE ID 287

Summary

CVE-2024-13111 is a newly identified critical vulnerability affecting the Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. The issue lies within the unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl, specifically the JWT Token Handler component. This vulnerability results in improper authentication, allowing for remote attacks. The complexity and difficulty of exploitation are relatively high, but the exploit has been disclosed to the public, increasing the potential risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share