CVE-2024-37232

Name of the Vulnerable Software and Affected Versions Hercules Core versions n/a through 6.5

Description The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured Access Control Security Levels.

Recommendations For versions n/a through 6.5, update to a version that addresses the Missing Authorization vulnerability. As a temporary workaround, consider restricting access to sensitive areas of Hercules Core to minimize the risk of exploitation. Avoid relying solely on the default Access Control Security Levels; instead, review and configure them according to the organization's security policy.