CVE-2024-11071

7 Abr 2025

Título es

CVE-2024-11071

Lun, 07/04/2025 – 06:15

Tipo

CWE-352

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-11071

Descripción en

Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, which probabilistically enables JSON Hijacking (aka JavaScript Hijacking) via forgery web page.* Due to product customization, version information may differ from the following version description. For further inquiries, please contact the vendor.

07/04/2025

Vector CVSS:4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Gravedad 4.0

7.70

Gravedad 4.0 txt

HIGH

Gravedad 3.1 (CVSS 3.1 Base Score)

8.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://cyberdigm.co.kr/destinyEcm

Enviar en el boletín

Off

CVE-2024-11071

CVE-2024-11071

Jose Alexis Correa Valencia