CVE-2024-25011
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ericsson | Ericsson Catalog Manager | 0 <= 22.6 | affected |
| Ericsson | Ericsson Order Care | 0 <= 22.6 | affected |
Weaknesses
- CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Workarounds
If you are unable to upgrade to the fixed versions where the required flag will be enabled by default, authentication checks can be configured under System Configuration to remediate the issue.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.