CVE-2024-6891

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 8, 2024
CWE ID 94
CWE ID 95

Summary

CVE-2024-6891 is a newly disclosed vulnerability that allows attackers with valid credentials to inject malicious python code during the login process. The vulnerability is located in the login flow and can be exploited without requiring any advanced privileges or specialized tools. Successful exploitation could lead to unauthorized access, data theft, or system compromise. Users are strongly encouraged to apply patches or updates as soon as they become available to mitigate this risk. Organizations should also consider implementing multi-factor authentication and regularly monitoring their login attempts for suspicious activity.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share