CVE-2024-55186

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 20, 2024
CWE ID 639

Summary

CVE-2024-55186 is a newly identified IDOR (Insecure Direct Object Reference) vulnerability affecting Oqtane Framework version 6.0.0. It allows a logged-in user to access other users' inbox messages by manipulating the notification ID in the request URL. By exploiting this vulnerability, an unauthorized attacker can gain access to sensitive mail details of other users, potentially leading to data leakage or other malicious activities. The vulnerability underscores the importance of input validation and access control measures to prevent unintended data access in web applications.
