PT-2024-24212 · Unknown · Designa Abacus
Rodrigo Favarini
·
Published
2024-06-27
·
Updated
2024-11-18
·
CVE-2024-31802
CVSS v3.1
6.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
DESIGNA ABACUS versions prior to v.19
Description
The issue allows an attacker to bypass the payment process via a crafted QR code.
Recommendations
For versions prior to v.19, update to a version that includes a fix for this issue to prevent bypassing the payment process.
As a temporary workaround, consider restricting the use of QR code payments until a patch is available.
Fix
Authentication Bypass by Spoofing
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Designa Abacus