CVE-2024-27113
Last modified
CVE-2024-27113 is a critical-severity vulnerability rated 9.3/10 on the CVSS scale. An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. EPSS estimates a 0.42% chance of exploitation in the next 30 days.
Description
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability has been remediated in version 1.52.02.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:C/RE:M/U:Red
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Soplanning | Soplanning | < 1.52.02 |
References
- https://csirt.divd.nl/CVE-2024-27113Broken Link
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-27113?
How severe is CVE-2024-27113?
How do I fix CVE-2024-27113?
Are you affected by CVE-2024-27113?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST