PT-2024-38032 · Profelis Informatics Consulting · Passbox
Abdüssamed Güzey · Published 2024-09-09 · Updated 2025-10-14 · CVE-2024-7015
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Profelis Informatics and Consulting PassBox versions prior to 1.2
Description
The issue is related to improper authentication, missing authentication for critical functions, and improper authorization, allowing authentication abuse. This can lead to unauthorized access.
Recommendations
For versions prior to 1.2, upgrade the affected component immediately to mitigate exposure. As a temporary workaround, consider restricting access to critical functions until a patch is available.
Fix
Improper Authentication
Improper Authorization
Missing Authentication
Related Identifiers
Affected Products
Passbox