CVE-2024-9202
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-9202 is a vulnerability affecting Eclipse Dataspace Components versions 0.1.3 to 0.9.0. The Connector component filters which datasets each party can view in a catalog, but a flaw allows unauthorized access to restricted datasets. A request for a single dataset should undergo the same filtering as a catalog request, but that filtering is not applied. Consequently, parties may gain access to sensitive information they are not authorized to see. Exploiting the vulnerability requires knowing the ID of a restricted dataset, which can be guessed through automated means. The affected code is located in DatasetResolverImpl, specifically lines 76-79.
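The class of flaw described above, shown as an added example rather than code from Eclipse Dataspace Components: a catalog listing that filters per party next to a lookup by ID that does not, and a corrected lookup that reuses the same check. All class, method and field names and the sample data are hypothetical.

```java
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.BiPredicate;

// Hypothetical model, not EDC's classes: a dataset lists the parties allowed to see it.
public class DatasetAccessExample {
    record Dataset(String id, List<String> allowedParties) {}

    private final Map<String, Dataset> store;
    // One access check, shared by every read path.
    private final BiPredicate<String, Dataset> mayView =
            (party, ds) -> ds.allowedParties().contains(party);

    DatasetAccessExample(Map<String, Dataset> store) { this.store = store; }

    // Catalog listing: filtered for the requesting party.
    List<Dataset> query(String party) {
        return store.values().stream().filter(ds -> mayView.test(party, ds)).toList();
    }

    // Flawed pattern: the single-dataset lookup ignores the requesting party.
    Optional<Dataset> getByIdUnfiltered(String party, String id) {
        return Optional.ofNullable(store.get(id));
    }

    // Corrected pattern: same check as the listing. A denied dataset looks
    // identical to a missing one, so a response never confirms that an ID exists.
    Optional<Dataset> getById(String party, String id) {
        return Optional.ofNullable(store.get(id)).filter(ds -> mayView.test(party, ds));
    }

    public static void main(String[] args) {
        // Constructed sample data.
        var svc = new DatasetAccessExample(Map.of(
                "ds-public", new Dataset("ds-public", List.of("partner-a", "partner-b")),
                "ds-restricted", new Dataset("ds-restricted", List.of("partner-a"))));
        String party = "partner-b";
        System.out.println("catalog size for partner-b: " + svc.query(party).size());
        System.out.println("unfiltered lookup returns restricted dataset: "
                + svc.getByIdUnfiltered(party, "ds-restricted").isPresent());
        System.out.println("filtered lookup returns restricted dataset: "
                + svc.getById(party, "ds-restricted").isPresent());
        System.out.println("filtered lookup for an allowed party: "
                + svc.getById("partner-a", "ds-restricted").isPresent());
    }
}
```

A regression test for this class of bug asserts that every dataset absent from a party's catalog listing is also absent from that party's lookup by ID.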