Soliclub
CVE-2024-3305
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.
This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
AnalysisAI
Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.4.0 for iOS, before 5.2.1 for Android. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-639. Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.4.0 for iOS, before 5.2.1 for Android. Affected products include: Utarit Soliclub. Version information: before 4.4.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrec
Hard-coded credentials in Utarit Informatics SoliClub Android application versions prior to 5.3.7 allow remote unauthent
Authorization bypass in Utarit Informatics SoliClub Android application versions 5.2.4 through 5.3.6 allows remote unaut
Hard-coded credentials in Utarit Information Services SoliClub Android app (versions 5.2.4 through 5.3.7) allow remote u
Information disclosure in Utarit Informatics SoliClub Android app versions 5.2.4 through 5.3.6 allows remote unauthentic
Missing authorization controls in the SoliClub Android application (all versions before 5.3.7) allow authenticated low-p
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today