CVE-2024-11071
7.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
Summary
Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, which probabilistically enables JSON Hijacking (aka JavaScript Hijacking) via forgery web page.* Due to product customization, version information may differ from the following version description. For further inquiries, please contact the vendor.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cyberdigm | DestinyECM | 5.24.10.* < 5.24.10.2303 | affected |
| Cyberdigm | DestinyECM | 5.23.10.* < 5.23.12.2450 | affected |
| Cyberdigm | DestinyECM | 5.23.02.* < 5.23.08.2451 | affected |
| Cyberdigm | DestinyECM | 5.22.* < 5.22.12.2446 | affected |
| Cyberdigm | DestinyECM | 5.21.*, 5.20.*, 5.19.* < 5.21.12.2303 | affected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
- CWE-942: CWE-942 Permissive Cross-domain Policy with Untrusted Domains
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.