Vulnerability DatabaseCVE-2024-23687
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-23687
January 19, 2024
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.
Related ResourcesĀ (8)
https://github.com/folio-org/mod-data-export-spring/commit/93aff4566bff59e30f4121b5a2bda5b0b508a446
https://vulncheck.com/advisories/vc-advisory-GHSA-vf78-3q9f-92g3
https://github.com/folio-org/mod-data-export-spring/security/advisories/GHSA-vf78-3q9f-92g3
https://github.com/folio-org/mod-data-export-spring/commit/cb6785565067a2a90c1e2250c241e5b23214c691
https://nvd.nist.gov/vuln/detail/CVE-2024-23687
https://github.com/folio-org/mod-data-export-spring
https://wiki.folio.org/x/hbMMBw
https://github.com/advisories/GHSA-vf78-3q9f-92g3
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE
Weakness Type (CWE)
Use of Hard-coded Credentials
CWE-798
EPSS
Base Score:
0.58