Skip to main content

CVE-2024-12056

LOW
Improperly Implemented Security Check for Standard (CWE-358)
2024-12-04 87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932
2.3
CVSS 4.0 · Vendor: 87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932

Severity by source

Vendor (87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932) PRIMARY
2.3 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:M/U:Green

Primary rating from Vendor (87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932) · only source for this CVE.

CVSS VectorVendor: 87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:M/U:Green
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

1
CVE Published
Dec 04, 2024 - 15:15 cve.org
LOW 2.3

DescriptionCVE.org

The Client secret is not checked when using the OAuth Password grant type.

By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit the attacker to bypass user privileges.

AnalysisAI

The Client secret is not checked when using the OAuth Password grant type. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-358. The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit the attacker to bypass user privileges.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2024-12056 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy