Missing Authorization vulnerability in Metagauss EventPrime
CVE-2024-24832

7.5HIGH

Key Information:

Vendor: Metagauss
Status: Eventprime
Vendor: CVE Published:; 23 March 2024

Summary

The Metagauss EventPrime product exhibits a missing authorization vulnerability that allows potentially unauthorized access to its functionalities. This issue affects versions from n/a up to 3.3.9, exposing users to risks of privilege escalation and data manipulation. It is essential to implement additional access controls and monitor systems for unusual activities to safeguard against potential exploitation.

Affected Version(s)

EventPrime <= 3.3.9

References

https://patchstack.com/database/vulnerability/eventprime-...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 23, 2024
Vulnerability Reserved
Jan 31, 2024

Credit

Abdi Pranata (Patchstack Alliance)