CVE-2024-24720

Published: Feb 27, 2024Modified: Sep 18, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system.

Affected (2)

Products: Innovaphone: Innovaphone Pbx

Innovaphone

1 product

Innovaphone Pbx

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Innovaphone Innovaphone Pbx	Before 14r1
Innovaphone Innovaphone Pbx	Version 14r1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (5)

https://cds.thalesgroup.com/en/tcs-cert/CVE-2024-24720

Source: cve@mitre.org

Third Party Advisory

https://excellium-services.com/cert-xlm-advisory/CVE-2024-24720

Source: cve@mitre.org

Not Applicable

https://wiki.innovaphone.com/index.php?title=Reference14r1:Release_Notes_Security#156999_-_App_Users:_Prevent_account_enumerate

Source: cve@mitre.org

Release Notes

https://excellium-services.com/cert-xlm-advisory/CVE-2024-24720

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://wiki.innovaphone.com/index.php?title=Reference14r1:Release_Notes_Security#156999_-_App_Users:_Prevent_account_enumerate

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.