CVE-2024-42165
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Aug 12, 2024
Updated: Aug 29, 2024
CWE ID 330
Summary
CVE-2024-42165 is a vulnerability affecting FIWARE Keyrock versions prior to 8.5. This issue stems from insufficiently random values used to generate activation tokens. An attacker can exploit this weakness by predicting the token for the activation link, enabling them to illegitimately activate accounts of any user within the system. Consequently, unauthorized access and potential data breaches may ensue. System administrators should update to the latest version of FIWARE Keyrock to mitigate this risk.
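The defensive pattern for this class of weakness (CWE-330), as an added example that is not FIWARE Keyrock's own code: activation tokens are drawn from the operating system's CSPRNG, stored only as a hash, and accepted once within a limited lifetime. The function names, the 32-byte token size and the 24-hour lifetime are assumptions chosen for illustration.

```javascript
// Added example: hardened activation-token handling (illustrative, not Keyrock's code).
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto');

const TOKEN_BYTES = 32;                     // 256 bits from the OS CSPRNG (assumed size)
const TOKEN_TTL_MS = 24 * 60 * 60 * 1000;   // assumed 24-hour validity window

// SHA-256 digest of a string, returned as a 32-byte Buffer.
const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest();

// Returns the token to place in the activation link and the record to persist.
// Only the hash is stored, so a database leak does not reveal usable links.
function issueActivationToken(now = Date.now()) {
  const token = randomBytes(TOKEN_BYTES).toString('base64url');
  return {
    token,
    record: {
      hash: sha256(token).toString('hex'),
      expiresAt: now + TOKEN_TTL_MS,
      used: false,
    },
  };
}

// Returns true exactly once for a valid, unexpired token and marks the record used.
function verifyActivationToken(presented, record, now = Date.now()) {
  if (typeof presented !== 'string') return false;
  if (record.used || now > record.expiresAt) return false;
  const expected = Buffer.from(record.hash, 'hex');
  const actual = sha256(presented);         // both sides are fixed 32-byte digests
  if (!timingSafeEqual(expected, actual)) return false;
  record.used = true;                       // single use: a replayed link is rejected
  return true;
}
```
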
Affected Vendors
- FIWARE