CVE-2024-47210
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-47210 is a privilege escalation vulnerability in Gladys Assistant prior to version 4.45.1 that lets users change their own roles. Affected products include various Gladys Assistant installations identified by model numbers such as y1Q-9B, y1Q-8_, and y02Id0 through y02Idz. The vulnerability arises from the misuse of req.body.role in the updateMySelf function within the user.controller.js file: the role value is taken from the request body of a self-service profile update. To remediate this issue, organizations should upgrade to Gladys Assistant version 4.45.1 or later to prevent unauthorized role changes. The vulnerability carries potential integrity and confidentiality impacts and is rated 8.8 (high) under CVSS 3.1.
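The class of bug described above, shown as an added example that is not Gladys Assistant source code: a self-update handler that merges the request body wholesale, next to one that copies only allowlisted fields and refuses anything else. The store, the function names and every field name other than role are assumptions made for the illustration.

```javascript
// Added illustration; not Gladys Assistant source code. Field names other than
// `role` are assumptions made for the example.
const SELF_EDITABLE = new Set(["firstname", "lastname", "email", "language"]);

// Constructed in-memory user store standing in for the database.
function makeStore() {
  return new Map([
    ["u1", { id: "u1", firstname: "Ana", email: "ana@example.test", role: "user" }],
  ]);
}

// Vulnerable pattern: the request body is merged wholesale, so a
// client-supplied `role` overwrites the stored role.
function updateSelfVulnerable(store, userId, body) {
  const updated = { ...store.get(userId), ...body, id: userId };
  store.set(userId, updated);
  return { status: 200, user: updated };
}

// Hardened pattern: copy only allowlisted fields; any other key is refused
// and reported back so the attempt can be logged and alerted on.
function updateSelfHardened(store, userId, body) {
  const rejected = Object.keys(body).filter((k) => !SELF_EDITABLE.has(k));
  if (rejected.length > 0) {
    return { status: 403, rejected, user: store.get(userId) };
  }
  const changes = {};
  for (const key of SELF_EDITABLE) {
    if (Object.prototype.hasOwnProperty.call(body, key)) changes[key] = body[key];
  }
  const updated = { ...store.get(userId), ...changes };
  store.set(userId, updated);
  return { status: 200, rejected: [], user: updated };
}
```

Role changes then belong on a separate, admin-only route; the rejected list gives detection a concrete signal for self-update requests that carry privileged fields.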