Back

CVE-2024-26331

April 30, 2024, 7:35 p.m.

Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Products

ReCrystallize Server

  • 5.10.0.0

Source

cve@mitre.org

Tags

CVE-2024-26331 details

Published : April 30, 2024, 7:15 p.m.
Last Modified : April 30, 2024, 7:35 p.m.

Description

ReCrystallize Server 5.10.0.0 uses a authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing client-side code outside of a browser. Attackers can bypass the authentication mechanism by modifying the cookie to contain an expected value.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/ cve@mitre.org
https://www.recrystallize.com/merchant/ReCrystallize-Server-for-Crystal-Reports.htm cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.