CVE-2024-5995

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jun 14, 2024

Updated: Jun 17, 2024

CWE ID 613

Summary

CVE-2024-5995 is a cybersecurity vulnerability affecting Soar Cloud HR Portal. The issue lies in the notification emails, which contain links embedded with expired but reusable sessions. These sessions, intended to be short-lived, remain active for over seven days, posing a significant security risk. An attacker could potentially intercept and reuse these sessions to gain unauthorized access to users' accounts, compromising sensitive HR data. It is recommended that Soar Cloud addresses this vulnerability promptly by implementing proper session expiration configurations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wdx6v9
https://www.cve.org/CVERecord?id=CVE-2024-5995
https://nvd.nist.gov/vuln/detail/CVE-2024-5995

Back to Vulnerability Database

CVE-2024-5995

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations