CVE-2024-25011

Summary

Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue.

Affected Software

VendorProductVersion RangeStatus
EricssonEricsson Catalog Manager0 <= 22.6affected
EricssonEricsson Order Care0 <= 22.6affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Workarounds

If you are unable to upgrade to the fixed versions where the required flag will be enabled by default, authentication checks can be configured under System Configuration to remediate the issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References