CVE-2024-22074

Published: Jun 6, 2024Modified: Mar 18, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212.

Affected (6)

Products: Dynamsoft: Dynamsoft Service

Dynamsoft

1 product

Dynamsoft Service

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Dynamsoft Dynamsoft Service	From 1.0.516 to 1.3.3212
Dynamsoft Dynamsoft Service	From 1.4.1230 to 1.4.3212
Dynamsoft Dynamsoft Service	From 1.5.0625 to 1.5.31212
Dynamsoft Dynamsoft Service	From 1.6.0428 to 1.6.3212
Dynamsoft Dynamsoft Service	From 1.7.0330 to 1.7.4212
Dynamsoft Dynamsoft Service	From 1.8.1025 to 1.8.2014

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.dynamsoft.com/support/security-bulletin-dwt-2024-22074/

Source: cve@mitre.org

Vendor Advisory

https://www.dynamsoft.com/support/security-bulletin-dwt-2024-22074/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.