CVE-2024-3122

Summary

CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system.

Affected Software

VendorProductVersion RangeStatus
CHANGINGMobile One Time Passwordearlier <= 3.11.2affected

Weaknesses

  • CWE-23: CWE-23: Relative Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References