CVE-2024-5168

Published: May 23, 2024Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: cve-coordination@incibe.es (Secondary)

Description

Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t and below. This vulnerability could allow an unauthenticated user to bypass authentication entirely and execute arbitrary API requests against the web application.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.incibe.es/en/incibe-cert/notices/aviso/improper-access-control-vulnerability-prodys-quantum-audio-codec

Source: cve-coordination@incibe.es

https://www.incibe.es/en/incibe-cert/notices/aviso/improper-access-control-vulnerability-prodys-quantum-audio-codec

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.