PT-2024-18172 · Nt Ware+1 · Uniflow Online+1

Published: 2024-09-02 · Updated: 2024-09-17 · CVE-2024-1621

CVSS v4.0: 8.3 (High)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: uniFLOW Online versions prior to and including 2024.1.0

Description: The registration process of uniFLOW Online apps can be compromised when email login is enabled on the tenant, particularly for those using email login in combination with Microsoft Safe Links or similar. This issue may allow an attacker to register themselves against a genuine user in the system, giving the attacker access and capabilities via the app similar to those of the existing genuine user.

Recommendations: For versions prior to and including 2024.1.0, consider disabling email login on the tenant until a patch is available. Restrict access to the registration process to minimize the risk of exploitation. Avoid using email login in combination with Microsoft Safe Links or similar until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2024-1621

Affected Products

Safe Links
Uniflow Online