CVE-2024-46505
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Exploitability: 3.9 / Impact: 5.2
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
Description
Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
Related CWEs
CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
References (1)
Timeline
No history available yet.