CVE-2024-10598

Published Oct 31, 2024

Last updated 13 days ago

CVSS medium 6.9

Overview

Description
A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Source
cna@vuldb.com
NVD status
Analyzed

Risk scores

CVSS 4.0

Type
Secondary
Base score
6.9
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
2.5
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity
MEDIUM

CVSS 2.0

Type
Secondary
Base score
5
Impact score
2.9
Exploitability score
10
Vector string
AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov
CWE-862
cna@vuldb.com
CWE-285

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-10598 (Published: 2024-10-31) - A critical vulnerability in Tongda affects multiple versions. Users are urged to update to the latest patched version immediately to mitigate risks. For detailed remediation steps, visit: https://t.co/lETuWsAygS #CyberSecurity… https://

    @transilienceai

    4 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2024-10598 (Published: 2024-10-31) - A critical vulnerability in Tongda affects multiple versions. Users are urged to update to the latest patched version immediately to mitigate risks. For detailed remediation steps, visit: https://t.co/lETuWsAygS #CyberSecurity… https://

    @transilienceai

    4 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2024-10598 (Published: 2024-10-31) - A critical vulnerability in Tongda affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For detailed remediation steps, visit: https://t.co/lETuWsAygS. Stay secure! #CyberSecurity… ht

    @transilienceai

    4 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2024-10598 (Published: 2024-10-31) - Critical vulnerability in Tongda! Affects multiple versions. Immediate remediation is essential to protect your systems. For detailed info and mitigation strategies, visit: https://t.co/lETuWsAygS #CyberSecurity #Vulnerability #CVE

    @transilienceai

    4 Nov 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-10598 A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attenda… https://t.co/pTGEvVgpQP

    @CVEnew

    31 Oct 2024

    505 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References