CVE-2024-9003

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 19, 2024
Updated: Sep 25, 2024
CWE ID 284

Summary

CVE-2024-9003 is a vulnerability in Jinan Chicheng Company's JFlow version 2.0.0. It affects the AttachmentUploadController function of the Attachment Handler component. Manipulating the 'oid' argument in requests to /WF/Ath/EntityMutliFile_Load.do leads to improper access controls, and the attack can be launched remotely. The issue is rated medium severity with a score of 4.3, reflecting a low-complexity attack that requires minimal privileges and no user interaction. Organizations using this product are at risk of unauthorized access to sensitive attachment information, because the exploit has been disclosed publicly and could be used by attackers. To remediate this vulnerability, users should apply any available patches or updates from the vendor, although the vendor did not respond to this disclosure.
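A detection sketch for the access pattern described above, as an added example that is not part of the original advisory: it scans web access logs for served requests to /WF/Ath/EntityMutliFile_Load.do and flags clients that fetched many distinct 'oid' values. The combined log format, the 'oid' value appearing in the query string, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Endpoint named in the advisory (path spelling as published).
TARGET_PATH = "/WF/Ath/EntityMutliFile_Load.do"
# Assumed threshold: distinct oid values per client before flagging.
DISTINCT_OID_THRESHOLD = 3

# Assumed Apache/Nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def oids_by_client(lines):
    """Map (ip, user) -> set of oid values the server served from the endpoint."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        url = urlsplit(m["target"])
        if url.path != TARGET_PATH:
            continue
        if not m["status"].startswith("2"):
            continue  # count only requests that were actually served
        for oid in parse_qs(url.query).get("oid", []):
            seen[(m["ip"], m["user"])].add(oid)
    return seen

def flag_enumeration(lines, threshold=DISTINCT_OID_THRESHOLD):
    """Return clients that fetched at least `threshold` distinct oid values."""
    return {c: sorted(o) for c, o in oids_by_client(lines).items() if len(o) >= threshold}

# Constructed sample log lines (documentation IP ranges, invented users and oids).
_P = "/WF/Ath/EntityMutliFile_Load.do"
SAMPLE_LOG = [
    f'198.51.100.7 - alice [19/Sep/2024:10:00:01 +0000] "GET {_P}?oid=101 HTTP/1.1" 200 512 "-" "-"',
    f'198.51.100.7 - alice [19/Sep/2024:10:05:00 +0000] "GET {_P}?oid=101 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - alice [19/Sep/2024:10:06:00 +0000] "GET /WF/Home.do?oid=999 HTTP/1.1" 200 90 "-" "-"',
] + [
    f'203.0.113.9 - bob [19/Sep/2024:11:00:0{i} +0000] "GET {_P}?oid={oid} HTTP/1.1" {st} 512 "-" "-"'
    for i, (oid, st) in enumerate([(101, 200), (102, 200), (103, 200), (104, 200), (105, 403)])
]

if __name__ == "__main__":
    for client, oids in flag_enumeration(SAMPLE_LOG).items():
        print(client, oids)
```

A flagged client is a triage signal rather than proof of abuse; compare the listed oid values against the attachments that user is entitled to see.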
