CVE-2024-8417

CVSS 3.1 Score 3.1 of 10 (low)

Details

Published Sep 4, 2024
Updated: Sep 5, 2024
CWE ID 540

Summary

CVE-2024-8417 is a vulnerability affecting the Yunke Online School System up to version 1.5.5, specifically in the file /admin/educloud/videobind.html, allowing for the inclusion of sensitive information in source code. The complexity of exploiting this vulnerability is assessed as high, and while it can be initiated remotely, practical exploitation appears to be difficult. Organizations using affected products, including yS-Kef, yS-Keg, yS-Keh, yVFap3, yS-Kei, and yVFap2, are at risk of partial confidentiality impacts. To remediate this issue, it is recommended that users upgrade to version 1.5.6 or later. The vulnerability has been publicly disclosed and could potentially be exploited despite its low severity rating of 3.1 on the CVSS scale.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share