CVE-2024-57436

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jan 29, 2025

CWE ID 922

Summary

CVE-2024-57436 is a vulnerability affecting RuoYi v4.8.0. The issue was discovered to allow unauthorized access to admin session IDs through crafted cookies during system monitoring. This vulnerability enables attackers to impersonate Admin users, potentially leading to unauthorized system modifications or data theft. This security flaw poses a significant risk and should be addressed by updating to the latest version of RuoYi as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2T5Sph
https://www.cve.org/CVERecord?id=CVE-2024-57436
https://nvd.nist.gov/vuln/detail/CVE-2024-57436

Back to Vulnerability Database

CVE-2024-57436

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations