CVE-2024-6679

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Jul 11, 2024
CWE ID 89

Summary

CVE-2024-6679 is a critical vulnerability affecting witmy my-springsecurity-plus up to version 2024-07-04. The issue lies in an unknown function of the /api/role file, where manipulating the params.dataScope argument leads to SQL injection. The attack can be launched remotely, meaning an unauthorized user can exploit it from outside the system. The vulnerability is tracked as VDB-271152, and an exploit for it has been made public, which increases the risk of attacks. Users of affected versions of my-springsecurity-plus are strongly urged to apply the necessary patches to mitigate this vulnerability.
