CVE-2024-12564

Published Dec 12, 2024

Last updated 2 months ago

CVSS medium 6.9

Overview

Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation.
Source
8a9629cb-c5e7-4d2a-a894-111e8039b7ea
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
6.9
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

Weaknesses

8a9629cb-c5e7-4d2a-a894-111e8039b7ea
CWE-200
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-732

Social media

Hype score
Not currently trending

  1. CVE-2024-12564 Sensitive Data Exposure in Open Design CDE inWEB SDK Pre-2025.3 A vulnerability was found in Open Design Alliance CDE inWEB SDK versions before 2025.3. This issue is about exposure of sensitive inf... https://t.co/ZkfJO6i1c1

    @VulmonFeeds

    12 Dec 2024

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References