CVE-2024-8530

Summary

CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricData Center ExpertVersions 8.1.1.3 and prioraffected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References