CVE-2024-50693

Summary

CVE-2024-50693 is a newly disclosed vulnerability affecting SunGrow iSolarCloud before the anticipated remediation on October 31, 2024. The issue involves insecure direct object references (IDOR) in the userService API model, which can potentially be exploited by unauthorized entities to gain unauthorized access to sensitive data related to other users. This vulnerability poses a significant risk as it enables attackers to perform actions on behalf of other users without their consent or knowledge. Successful exploitation of CVE-2024-50693 could lead to data theft, privilege escalation, or other malicious activities. Users are strongly advised to apply the forthcoming patch as soon as it becomes available to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.