CVE-2024-2463

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-2463
Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This issue affects CDeX application versions through 5.7.1.

8.0 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cdex.cloud/
https://cert.pl/en/posts/2024/03/CVE-2024-2463/
https://cert.pl/posts/2024/03/CVE-2024-2463/
Configurations

No configuration.

History

01 Aug 2024, 22:35

Type Values Removed Values Added
Summary
  • (es) El mecanismo débil de recuperación de contraseña en la aplicación CDeX permite recuperar el token de restablecimiento de contraseña. Este problema afecta a las versiones de la aplicación CDeX hasta la 5.7.1.
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.0

21 Mar 2024, 15:24

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-21 15:16

Updated : 2024-08-01 22:35

NVD link : CVE-2024-2463

Mitre link : CVE-2024-2463

CVE.ORG link : CVE-2024-2463

JSON object : View

Products Affected

No product.

CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password