CVE-2024-26331

Published: Apr 30, 2024

Modified: Aug 6, 2024

PUBLISHED

Description

ReCrystallize Server 5.10.0.0 uses a authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing client-side code outside of a browser. Attackers can bypass the authentication mechanism by modifying the cookie to contain an expected value.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.recrystallize.com/merchant/ReCrystallize-Server-for-Crystal-Reports.htm

https://sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-26331

Description

Affected Products

References