CVE-2024-1114

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 31, 2024

Updated: May 17, 2024

CWE ID 284

Summary

CVE-2024-1114 is a critical vulnerability affecting openBI versions up to 1.0.8. The issue lies in the function dlfile of the controller Screen.php's /application/index directory. Manipulation of the fileUrl argument results in improper access controls, enabling remote attackers to gain unauthorized access. This vulnerability, identified as VDB-252472, has been publicly disclosed, increasing the risk of exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uWboGX
https://www.cve.org/CVERecord?id=CVE-2024-1114
https://nvd.nist.gov/vuln/detail/CVE-2024-1114

Back to Vulnerability Database

CVE-2024-1114

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations