CVE-2024-55470

Published

Severity

CVSS v3:
N/A
CVSS v2:
N/A

Description

Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication.

References

Configurations

CPE23Version StartVersion EndExact Version

External Links