CVE-2024-3165

CVSS 3.1 Score 4.5 of 10 (medium)

Details

Published Apr 1, 2024
Updated: Jul 26, 2024
CWE ID 522

Summary

CVE-2024-3165 is a vulnerability affecting the dotCMS dashboard where log files contain sensitive information, revealing username and password details for database connections. This issue poses a moderate risk, as it requires both backend admin access and inadequately secured databases. The vulnerability aligns with the OWASP Top 10 - A05 (Insecure Design) and A09 (Security Logging and Monitoring Failure) categories, emphasizing the importance of secure system design and effective logging practices.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share