PT-2024-26993 · Targit · Targit Decision Suite

Published: 2024-05-27 · Updated: 2025-03-18 · CVE-2024-36426

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TARGIT Decision Suite versions 23.2.15007.0 and earlier

Description

The session token is part of the URL and may be sent in a cleartext HTTP session, which could potentially expose sensitive information.

Recommendations

For TARGIT Decision Suite versions 23.2.15007.0 and earlier, consider updating to a version released after Autumn 2023 to ensure the session token is properly secured. As a temporary workaround, restrict the use of HTTP sessions to minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2024-36426

Affected Products

Targit Decision Suite