Tmall_demo Access Control Issue Allows Attackers to Obtain Sensitive Information
CVE-2024-40554

7.5HIGH

Key Information:

Vendor: Tmall
Status: Tmall Demo
Vendor: CVE Published:; 15 July 2024

What is CVE-2024-40554?

An access control vulnerability in Tmall_demo version 2024.07.03 enables unauthorized users to retrieve sensitive information, posing significant security risks for affected systems. This flaw highlights the importance of robust access controls and prompts users to upgrade to secure versions promptly. For detailed information regarding potential impacts and remediation steps, refer to this issue.

References

https://gitee.com/project_team/Tmall_demo/issues/IAANYB

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2024

CVE-2024-40554 Data

JSON