CVE-2024-13111
CVSS 3.1 Score 5.6 of 10 (medium)
Details
Published Jan 2, 2025
CWE ID 287
Summary
CVE-2024-13111 is a newly identified critical vulnerability affecting the Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. The issue lies within the unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl, specifically the JWT Token Handler component. This vulnerability results in improper authentication, allowing for remote attacks. The complexity and difficulty of exploitation are relatively high, but the exploit has been disclosed to the public, increasing the potential risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Yunfan Learning Examination System