CVE-2024-5168

Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t and below. This vulnerability could allow an unauthenticated user to bypass authentication entirely and execute arbitrary API requests against the web application.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/improper-access-control-vulnerability-prodys-quantum-audio-codec

Configurations

No configuration.

History

No history.

Information

Published : 2024-05-23 13:15

Updated : 2024-05-24 01:15

NVD link : CVE-2024-5168

Mitre link : CVE-2024-5168

CVE.ORG link : CVE-2024-5168

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

9.8 /10