Vulnerability in TrueFiling Affects User Access Controls
CVE-2024-11146
6.3 MEDIUM
Key Information:
- Vendor: I3 Verticals
- Status
- Truefiling
- Vendor
- CVE Published: 17 January 2025
Summary
The TrueFiling application, a cloud-based electronic filing system for legal documentation, has a security flaw that allows authenticated users to manipulate URL identifiers. This vulnerability can lead to unauthorized access to case information and potential modification of user access settings. TrueFiling has addressed this issue in version 3.1.112.19, released on November 8, 2024, ensuring that identifiers are properly validated and access controls are strictly enforced.
Affected Version(s)
TrueFiling 0 < 3.1.112.19
TrueFiling 3.1.112.19
CVSS V4
Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Alison Breacher