CVE-2024-10438

Summary

The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.

Affected Software

VendorProductVersion RangeStatus
SunneteHRD CTMS0 < 10.14affected

Weaknesses

  • CWE-288: CWE-288 Authentication Bypass Using an Alternate Path or Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References