PT-2024-28097 · Unknown · Notes Station 3

Thomas Fady

Published

2024-11-22

Updated

2024-12-02

CVE-2024-38643

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Notes Station 3 versions prior to 3.9.7

Description A missing authentication for critical function issue has been reported, which could allow remote attackers to gain access to and execute certain functions if exploited.

Recommendations For Notes Station 3 versions prior to 3.9.7, update to version 3.9.7 or later to fix the missing authentication flaw. As a temporary workaround, consider restricting access to critical functions until the update is applied.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BDU:2025-02200

CVE-2024-38643

Affected Products

Notes Station 3

PT-2024-28097 · Unknown · Notes Station 3

CVE-2024-38643

Weakness Enumeration

Related Identifiers

Affected Products

References · 12