Vulnerability Description
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ragic | Enterprise Cloud Database | < 2024-08-08 |
Related Weaknesses (CWE)
References
- https://www.twcert.org.tw/en/cp-139-8151-1a4b5-2.htmlThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-8150-c955a-1.htmlThird Party Advisory
FAQ
What is CVE-2024-9984?
CVE-2024-9984 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie.
How severe is CVE-2024-9984?
CVE-2024-9984 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-9984?
Check the references section above for vendor advisories and patch information. Affected products include: Ragic Enterprise Cloud Database.