CVE-2024-53855
CVSS 3.1 Score 1.9 of 10 (low)
Details
Summary
CVE-2024-53855 affects the Centurion ERP application, which is used for IT management with a focus on ITSM modules. Authenticated users who hold specific permissions, such as `view_ticket_change`, `view_ticket_incident`, `view_ticket_request`, and `view_ticket_problem`, can use the API endpoints to view tickets belonging to organizations they are not part of. The issue does not affect the application's UI or project tasks. Centurion ERP has released version 1.3.1 to address this vulnerability, and users are advised to upgrade. Alternatively, removing the ticket view permissions from applicable users mitigates the issue.