Linqi
CVE-2024-33865
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID] endpoints.
AnalysisAI
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID] endpoints. Affected products include: Linqi. Version information: before 1.4.0.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is re
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is re
Cryptographic weaknesses in the linqi application (versions ≤1.4.8.5) allow local attackers with low-level privileges to
Cross-tenant comment access in linqi BPM platform versions through 1.4.8.5 allows any authenticated user to read and wri
Authentication bypass in linqi's /api/Cdn/GetFile endpoint allows unauthenticated remote attackers to circumvent the Val
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated medium severity (CVSS 5.9), this vulnerability is no a
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated medium severity (CVSS 5.5), this vulnerability is remo
Server-side request forgery in linqi's custom process creation feature allows authenticated attackers to conduct interna
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated medium severity (CVSS 4.8), this vulnerability is low
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today