PT-2024-25205 · Lumisxp · Lumisxp

Rodolfo Tavares · Published 2024-06-26 · Updated 2024-07-11 · CVE-2024-33329

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Lumisxp versions 15.0.x through 16.1.x

Description: A hardcoded privileged ID allows attackers to bypass authentication and access internal pages and other sensitive information.

Recommendations: For Lumisxp versions 15.0.x through 16.1.x, consider temporarily restricting access to internal pages until a patch is available. As a temporary workaround, avoid using the hardcoded privileged ID in authentication processes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2024-33329

Affected Products

Lumisxp