CVE-2024-36426

EUVD-2024-36364
In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
targitdecision_suite_23.2.15007.0
𝑥
< autumn_2023
ADP
Common Weakness Enumeration
References
https://community.targit.com/hc/en-us/articles/12618082416028-Change-Log-On-prem
https://community.targit.com/hc/en-us/articles/16112758176156-Vulnerabilities
https://github.com/DMCERTCE/DecisionSuite_Token_in_Url
https://community.targit.com/hc/en-us/articles/12618082416028-Change-Log-On-prem
https://github.com/DMCERTCE/DecisionSuite_Token_in_Url