CVE-2024-53855

CVSS 3.1 Score 1.9 of 10 (low)

Details

Published Nov 27, 2024
CWE ID 653

Summary

CVE-2024-53855 affects the Centurion ERP application, which is used for IT management with a focus on ITSM modules. Authenticated users with specific permissions, such as `view_ticket_change`, `view_ticket_incident`, `view_ticket_request`, and `view_ticket_problem`, can view tickets from other organizations they are not part of through the API endpoints. This issue does not impact the application's UI or project tasks. Centurion ERP has released version 1.3.1 to address this vulnerability, and users are advised to upgrade. Alternatively, removing the ticket view permissions from applicable users can mitigate the issue.
