CVE-2024-27455

{"id": "CVE-2024-27455", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2024-02-26T16:28:00.707", "references": [{"url": "https://www.bentley.com/advisories/be-2024-0001/", "source": "cve@mitre.org"}, {"url": "https://www.bentley.com/advisories/be-2024-0001/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-488"}, {"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03."}, {"lang": "es", "value": "En la aplicaci\u00f3n web Bentley ALIM, ciertos ajustes de configuraci\u00f3n pueden provocar la exposici\u00f3n del token de sesi\u00f3n ALIM de un usuario cuando el usuario intenta descargar archivos. Esto se solucion\u00f3 en Assetwise ALIM Web 23.00.02.03 y Assetwise Information Integrity Server 23.00.04.04."}], "lastModified": "2024-11-21T09:04:38.400", "sourceIdentifier": "cve@mitre.org"}