CVE-2024-55557

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 16, 2024

Updated: Dec 17, 2024

CWE ID 798

Summary

CVE-2024-55557 is a vulnerability affecting Weasis 4.5.1, specifically in the ui/pref/ProxyPrefView.java file. The issue lies in the use of a hardcoded key for symmetric encryption of proxy credentials. An attacker who gains access to the system could potentially decrypt and obtain proxy credentials, leading to unauthorized access to protected networks or resources. This vulnerability poses a significant risk, particularly in enterprise environments where sensitive information is commonly transmitted through proxied connections. It is recommended that users of Weasis 4.5.1 upgrade to a newer version or apply a patch to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database