CVE-2024-43438

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 7, 2024

Updated: Nov 8, 2024

CWE ID 639

Summary

CVE-2024-43438 is a vulnerability affecting the Feedback feature in a certain software. The issue lies in the bulk messaging function of the activity's non-respondents report, which fails to verify the recipients. This means that messages can be sent to unintended users who are included in the report, leading to potential privacy violations or even phishing attacks. Unauthorized users may gain access to sensitive information or manipulate the recipients, posing a significant risk to the system and its users. It is recommended that users update their software promptly to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/x6lB0C
https://www.cve.org/CVERecord?id=CVE-2024-43438
https://nvd.nist.gov/vuln/detail/CVE-2024-43438

Back to Vulnerability Database

CVE-2024-43438

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations