CVE-2024-48176

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 5, 2024

Updated: Nov 6, 2024

CWE ID 863

Summary

CVE-2024-48176 is a newly disclosed vulnerability affecting Lylme Spage version 1.9.5. This issue involves incorrect access control, allowing attackers to make an unlimited number of login attempts without the system refreshing the verification code after failure. As a result, attackers can brute force their way into the system backend. This flaw poses a significant threat, as successful exploitation could grant attackers full access to sensitive information and system functionalities. Users of Lylme Spage 1.9.5 are urged to upgrade to a patched version immediately to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zUIEUI
https://www.cve.org/CVERecord?id=CVE-2024-48176
https://nvd.nist.gov/vuln/detail/CVE-2024-48176

Back to Vulnerability Database

CVE-2024-48176

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations