CVE-2024-6895
Insecure Account Profile Management
Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as password and email without being prompted for the current password, enabling account takeover.
CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H
Produtos afetados
YugabyteDB · YugabyteDB AnywhereQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →