CVE-2024-6890

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 7, 2024

Updated: Aug 8, 2024

CWE ID 321

CWE ID 334

CWE ID 799

CWE ID 798

Summary

CVE-2024-6890: This vulnerability exposes Journyx installations to a threat where an attacker, armed with knowledge of a specific user account, can exploit the insecure generation process of password reset tokens. The consequence is the ability to reset and subsequently alter the administrator password, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Journyx

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xGSqFO
https://www.cve.org/CVERecord?id=CVE-2024-6890
https://nvd.nist.gov/vuln/detail/CVE-2024-6890

Back to Vulnerability Database

CVE-2024-6890

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations