Information disclosure in DataMosaix Private Cloud - CVE-2024-7952
Published: October 16, 2024
Vulnerability identifier: #VU98733
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-7952
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Rockwell Automation
Affected software:
DataMosaix Private Cloud
DataMosaix Private Cloud
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the hardcoded links in the source code that lead to JSON files that can be reached without authentication. A remote attacker can gain unauthorized access to sensitive information on the system.
How to mitigate CVE-2024-7952
Install updates from vendor's website.