PT-2024-1621 · Unknown · Location Intelligence Perpetual Small+7
Published: 2024-02-13 · Updated: 2024-10-22
CVE-2024-23816
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Location Intelligence Perpetual Large versions prior to V4.3
Location Intelligence Perpetual Medium versions prior to V4.3
Location Intelligence Perpetual Non-Prod versions prior to V4.3
Location Intelligence Perpetual Small versions prior to V4.3
Location Intelligence SUS Large versions prior to V4.3
Location Intelligence SUS Medium versions prior to V4.3
Location Intelligence SUS Non-Prod versions prior to V4.3
Location Intelligence SUS Small versions prior to V4.3
Description
A vulnerability has been identified in the affected products: they use a hard-coded secret value to compute a Keyed-Hash Message Authentication Code (HMAC). This could allow an unauthenticated remote attacker to gain full administrative access to the application. The issue is also related to the use of pre-installed credentials, which a remote attacker can exploit to gain full access to the software.
Recommendations
For Location Intelligence Perpetual Large versions prior to V4.3, update to version V4.3 or later.
For Location Intelligence Perpetual Medium versions prior to V4.3, update to version V4.3 or later.
For Location Intelligence Perpetual Non-Prod versions prior to V4.3, update to version V4.3 or later.
For Location Intelligence Perpetual Small versions prior to V4.3, update to version V4.3 or later.
For Location Intelligence SUS Large versions prior to V4.3, update to version V4.3 or later.
For Location Intelligence SUS Medium versions prior to V4.3, update to version V4.3 or later.
For Location Intelligence SUS Non-Prod versions prior to V4.3, update to version V4.3 or later.
For Location Intelligence SUS Small versions prior to V4.3, update to version V4.3 or later.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Location Intelligence Perpetual Large
Location Intelligence Perpetual Medium
Location Intelligence Perpetual Non-Prod
Location Intelligence Perpetual Small
Location Intelligence SUS Large
Location Intelligence SUS Medium
Location Intelligence SUS Non-Prod
Location Intelligence SUS Small