Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-26331

Published: 30/04/2024 Updated: 30/04/2024

Vulnerability Summary

ReCrystallize Server 5.10.0.0 uses a authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing client-side code outside of a browser. Attackers can bypass the authentication mechanism by modifying the cookie to contain an expected value.

Vulnerability Trend

Vendor Advisories

Check Point Security Alerts: ReCrystallize Server Authentication Bypass (CVE-2024-26331)
Check Point Reference: CPAI-2024-0301 Date Published: 23 May 2024 Severity: High ...

References

https://www.recrystallize.com/merchant/ReCrystallize-Server-for-Crystal-Reports.htmhttps://sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/https://nvd.nist.govhttps://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2024-0301.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalationCVE-2024-20696CVE-2024-29829CVE-2024-33999CVE-2024-35646physicalCVE-2024-24919CVE-2024-31030local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook