CVE-2020-24030
Last modified
CVE-2020-24030 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. EPSS estimates a 2.67% chance of exploitation in the next 30 days.
Description
ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "not exploitable in the current implementation. Tokens are properly expired, invalidated, and bound to session context. Attempts to alter the token payload to extend its validity do not affect server-side validation."
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Forlogic | Qualiex | 1.0 |
| Forlogic | Qualiex | 3.0 |
References
- https://github.com/underprotection/CVE-2020-24030Third Party Advisory
- https://qualiex.comProduct, Vendor Advisory
- https://github.com/underprotection/CVE-2020-24030Third Party Advisory
- https://qualiex.comProduct, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-24030?
How severe is CVE-2020-24030?
How do I fix CVE-2020-24030?
Are you affected by CVE-2020-24030?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST