Missing Authentication for Critical Function in Fsas Technologies products - CVE-2024-33622

 


Published: June 18, 2024


Vulnerability identifier: #VU92199
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-33622
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Fsas Technologies
Affected software:
FUJITSU Business Application ID Link Manager II
FUJITSU Software ID Link Manager
FUJITSU Software TIME CREATOR ID Link Manager
FUJITSU Software TIME CREATOR ID Link Manager SaaS

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to missing authentication for a critical function. A remote user can obtain sensitive information and alter the information stored in the database.


How to mitigate CVE-2024-33622

Install updates from the vendor's website.

Sources