CVE-2024-22074

Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
dynamsoftdynamsoft_service
1.0.516 ≤
𝑥
< 1.3.3212
dynamsoftdynamsoft_service
1.4.1230 ≤
𝑥
< 1.4.3212
dynamsoftdynamsoft_service
1.5.0625 ≤
𝑥
< 1.5.31212
dynamsoftdynamsoft_service
1.6.0428 ≤
𝑥
< 1.6.3212
dynamsoftdynamsoft_service
1.7.0330 ≤
𝑥
< 1.7.4212
dynamsoftdynamsoft_service
1.8.1025 ≤
𝑥
< 1.8.2014
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dynamsoft.com/support/security-bulletin-dwt-2024-22074/
https://www.dynamsoft.com/support/security-bulletin-dwt-2024-22074/