PT-2025-23313

Published: 2025-05-30
Updated: 2025-12-03
CVE-2024-7096
CVSS v3.1: 5.4 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined.

Description: A privilege escalation issue exists due to a business logic flaw in SOAP admin services. It can be exploited only when several conditions are met at once: the SOAP admin services are reachable by the attacker, an internally used attribute that is not part of the default configuration is present, at least one custom role with non-default permissions exists, and the attacker knows both the custom role and the internal attribute. Under those conditions, exploiting the issue allows malicious actors to assign higher privileges to self-registered users, bypassing the intended access control mechanisms.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-7096
GHSA-J63J-7R7R-5V4J

Affected Products

Wso2 Api Manager
Wso2 Enterprise Mobility Manager
Wso2 Identity Server
Wso2 Identity Server As Key Manager
Wso2 Open Banking Am
Aimanager
Identityserver
Identity Server As Key Manager
Open Banking Am
Open Banking Iam
Open Banking Km
Org.Wso2.Am:Am-Parent
Org.Wso2.Is:Identity-Server-Parent
Product-Apim