CVE-2024-38645

Name of the Vulnerable Software and Affected Versions: Notes Station 3 versions prior to 3.9.7

Description: The issue is related to insufficient validation of incoming requests, which could allow a remote attacker to gain unauthorized access to protected information by spoofing requests on behalf of the server. This is a server-side request forgery (SSRF) vulnerability. If exploited, it could allow remote authenticated attackers to read application data.

Recommendations: For Notes Station 3 versions prior to 3.9.7, update to version 3.9.7 or later to address the issue. As a temporary workaround, consider restricting access to the vulnerable Notes Station application until a patch is applied.