PT-2024-31846 · Solvait · Solvait

Abdulwahab Alismaeel · Published 2024-10-07 · Updated 2025-07-03 · CVE-2024-45919

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Solvait version 24.4.2

Description: A security flaw has been discovered that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in the "/AssignToMe/SetAction" API endpoint, an attacker can bypass approval workflows, leading to unauthorized access to sensitive information or approval of fraudulent requests.

Recommendations: For Solvait version 24.4.2, consider disabling the "/AssignToMe/SetAction" API endpoint or restricting access to it until a patch is available. Additionally, avoid using the Request ID and Action Type parameters in the affected endpoint to minimize the risk of exploitation.

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2024-45919

Affected Products: Solvait