Radar
CVE-2024-10121
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (vuldb) · only source for this CVE.
CVSS VectorVendor: vuldb
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This appears not to be a path traversal weakness. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-639. A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This appears not to be a path traversal weakness. The vendor was contacted early about this disclosure but did not respond in any way. Affected products include: Riskengine Radar. Version information: up to 1.0.8.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. Rated medium severity (CVSS 6.9
F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upo
F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today