CVE-2024-45504

Sept. 10, 2024, 12:09 p.m.

None
No Score

Description

Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.

Product(s) Impacted

Product Versions
Alps System Integration products
OEM products

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://alsifaq.dga.jp/faq_detail.html?id=6494
https://jvn.jp/en/jp/JVN05579230/
https://success.trendmicro.com/ja-JP/solution/KA-0017618
https://www.motex.co.jp/news/notice/2024/release240909/

Tags

vultures@jpcert.or.jp
2024-09-10
CVE-2024-45504

Timeline

Published: Sept. 10, 2024, 5:15 a.m.
Last Modified: Sept. 10, 2024, 12:09 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.