CVE-2024-3165

CVSS 3.1 Score 4.5 of 10 (medium)

Details

Published Apr 1, 2024

Updated: Jul 26, 2024

CWE ID 522

Summary

CVE-2024-3165 is a vulnerability affecting the dotCMS dashboard where log files contain sensitive information, revealing username and password details for database connections. This issue poses a moderate risk, as it requires both backend admin access and inadequately secured databases. The vulnerability aligns with the OWASP Top 10 - A05 (Insecure Design) and A09 (Security Logging and Monitoring Failure) categories, emphasizing the importance of secure system design and effective logging practices.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Dotcms

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/vJB5ii
https://www.cve.org/CVERecord?id=CVE-2024-3165
https://nvd.nist.gov/vuln/detail/CVE-2024-3165

Back to Vulnerability Database

CVE-2024-3165

CVSS 3.1 Score 4.5 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations