The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-2024.
References
Configurations
No configuration.
History
21 Nov 2024, 09:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://appexchange.salesforce.com/appxListingDetail?listingId=a0N3A00000FKAoOUAX - | |
References | () https://deneyed.com/blog/avalara/ - |
09 Jul 2024, 16:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-522 CWE-922 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
03 Jul 2024, 12:53
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
03 Jul 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-03 06:15
Updated : 2024-11-21 09:25
NVD link : CVE-2024-38453
Mitre link : CVE-2024-38453
CVE.ORG link : CVE-2024-38453
JSON object : View
Products Affected
No product.