PT-2025-18712 · Sematell · Sematell Replyone

Published: 2025-05-01 · Updated: 2025-05-03 · CVE-2024-48905

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Sematell ReplyOne version 7.4.3.0

Description: The issue concerns insecure permissions for the "/rest/sessions" endpoint. This could potentially allow unauthorized access or actions.

Recommendations: For Sematell ReplyOne version 7.4.3.0, consider restricting access to the "/rest/sessions" endpoint until a fix is available. Review and adjust the permissions settings to ensure they align with the principle of least privilege, minimizing potential risks associated with insecure permissions.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers: CVE-2024-48905

Affected Products: Sematell Replyone