CVE-2024-6891

Summary

Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow.

Affected Software

VendorProductVersion RangeStatus
JournyxJournyx (jtime)11.5.4affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')
  • CWE-95: CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References