CVE-2024-23554

Published May 18, 2024

Last updated 6 months ago

CVSS medium 5.7

Overview

Description: Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE).
Source: psirt@hcl.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.7
Impact score: 5.2
Exploitability score: 0.5
Vector string: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
Severity: MEDIUM

Weaknesses

psirt@hcl.com: CWE-352

Hype score: Not currently trending

References