1. Home
  2. CVE Database
  3. CVE-2024-46310
CRITICAL · 9.1

CVE-2024-46310

Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint

Vulnerability Description

Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Related Weaknesses (CWE)

CWE-281

References

FAQ

What is CVE-2024-46310?

CVE-2024-46310 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint

How severe is CVE-2024-46310?

CVE-2024-46310 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-46310?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.