CVE-2024-6895
Insecure Account Profile Management
Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover.
CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H
Productos afectados
YugabyteDB · YugabyteDB Anywhere¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →