CVE-2024-36426

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-36426
In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://community.targit.com/hc/en-us/articles/12618082416028-Change-Log-On-prem
https://community.targit.com/hc/en-us/articles/16112758176156-Vulnerabilities
https://github.com/DMCERTCE/DecisionSuite_Token_in_Url
https://community.targit.com/hc/en-us/articles/12618082416028-Change-Log-On-prem
https://github.com/DMCERTCE/DecisionSuite_Token_in_Url
Configurations

No configuration.

History

18 Mar 2025, 18:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CWE CWE-319

14 Jan 2025, 17:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : unknown
CWE CWE-279

21 Nov 2024, 09:22

Type Values Removed Values Added
References () https://community.targit.com/hc/en-us/articles/12618082416028-Change-Log-On-prem - () https://community.targit.com/hc/en-us/articles/12618082416028-Change-Log-On-prem -
References () https://github.com/DMCERTCE/DecisionSuite_Token_in_Url - () https://github.com/DMCERTCE/DecisionSuite_Token_in_Url -

27 Sep 2024, 15:15

Type Values Removed Values Added
References
  • () https://community.targit.com/hc/en-us/articles/16112758176156-Vulnerabilities -

03 Jul 2024, 02:03

Type Values Removed Values Added
CWE CWE-279
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5

28 May 2024, 12:39

Type Values Removed Values Added
Summary
  • (es) En TARGIT Decision Suite 23.2.15007.0 anterior al otoño de 2023, el token de sesión es parte de la URL y puede enviarse en una sesión HTTP de texto sin cifrar.

27 May 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-27 22:15

Updated : 2025-03-18 18:15

NVD link : CVE-2024-36426

Mitre link : CVE-2024-36426

CVE.ORG link : CVE-2024-36426

JSON object : View

Products Affected

No product.

CWE
CWE-319

Cleartext Transmission of Sensitive Information