CVE-2024-49202

Published: Dec 18, 2024Modified: Dec 21, 2024

7.6

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Exploitability: 2.8 / Impact: 4.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0.

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://keyfactor.com

Source: cve@mitre.org

https://software.keyfactor.com/Core-OnPrem/v12.5/Content/ReleaseNotes/ReleaseNoteDetails-12_5.htm

Source: cve@mitre.org

Timeline

No history available yet.