CVE-2024-9984

Published: Oct 15, 2024Modified: Oct 16, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie.

Affected (1)

Products: Ragic: Enterprise Cloud Database

Ragic

1 product

Enterprise Cloud Database

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ragic Enterprise Cloud Database	Before 2024-08-08

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://www.twcert.org.tw/en/cp-139-8151-1a4b5-2.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-8150-c955a-1.html

Source: twcert@cert.org.tw

Third Party Advisory

Timeline

No history available yet.