CVE-2024-42165

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 12, 2024
Updated: Aug 29, 2024
CWE ID 330

Summary

CVE-2024-42165 is a vulnerability affecting FIWARE Keyrock versions prior to 8.5. This issue stems from insufficiently random values used to generate activation tokens. An attacker can exploit this weakness by predicting the token for the activation link, enabling them to illegitimately activate accounts of any user within the system. Consequently, unauthorized access and potential data breaches may ensue. System administrators should update to the latest version of FIWARE Keyrock to mitigate this risk.
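The mitigation side of this weakness class (CWE-330), as an added example that is not FIWARE Keyrock's code or its actual fix: activation tokens drawn from the OS CSPRNG, stored only as a hash, compared in constant time, and limited to a single use within a lifetime. The function names, the in-memory store and the 24-hour lifetime are assumptions made for illustration.

```javascript
// Added example: hardened activation-token handling (hypothetical names,
// not Keyrock's implementation).
const nodeCrypto = require('crypto');

const TOKEN_BYTES = 32;                    // 256 bits from the OS CSPRNG
const TOKEN_TTL_MS = 24 * 60 * 60 * 1000;  // assumed lifetime: 24 hours

// Hypothetical in-memory store: userId -> { digest, expiresAt }.
// A real service would keep this in its database.
const pendingActivations = new Map();

function sha256(value) {
  return nodeCrypto.createHash('sha256').update(value).digest();
}

// Issue the token that goes into the activation link. Only its hash is
// stored, so a leaked table does not reveal usable tokens.
function issueActivationToken(userId, now = Date.now()) {
  const token = nodeCrypto.randomBytes(TOKEN_BYTES).toString('hex');
  pendingActivations.set(userId, {
    digest: sha256(token),
    expiresAt: now + TOKEN_TTL_MS,
  });
  return token;
}

// Verify a presented token: expiry check, constant-time compare, single use.
function activateAccount(userId, presentedToken, now = Date.now()) {
  const entry = pendingActivations.get(userId);
  if (!entry || typeof presentedToken !== 'string') return false;
  if (now > entry.expiresAt) {
    pendingActivations.delete(userId);     // expired tokens are discarded
    return false;
  }
  // Both buffers are 32-byte SHA-256 digests, as timingSafeEqual requires.
  const ok = nodeCrypto.timingSafeEqual(entry.digest, sha256(presentedToken));
  if (ok) pendingActivations.delete(userId); // token cannot be replayed
  return ok;
}
```

Rate limiting and logging of failed activation attempts per account complement this, since they surface guessing attempts against the activation endpoint.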
