CVE-2024-8395

Summary

CVE-2024-8395 identifies a critical SQL injection vulnerability affecting FlyCASS CASS and KCM systems, which fail to adequately filter SQL queries, allowing unauthenticated attackers to exploit the flaw. The vulnerability has a CVSS base score of 9.8, indicating high potential for integrity and confidentiality impacts, as well as significant availability risks. Given its low attack complexity and lack of required privileges or user interaction, the threat level is elevated within organizational environments. Remediation efforts should focus on applying security patches or updates provided by the vendor to mitigate the risk associated with this vulnerability. Organizations utilizing affected products must act promptly to preserve data integrity and protect against unauthorized access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.