We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-10598

Tongda OA Annual Leave data.php improper authorization



AssignerVulDB
Reserved2024-10-31
Published2024-10-31
Updated2024-11-01

Description

EN DE

A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

In Tongda OA 11.2/11.3/11.4/11.5/11.6 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um eine nicht näher bekannte Funktion der Datei general/hr/setting/attendance/leave/data.php der Komponente Annual Leave Handler. Durch das Beeinflussen mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.



MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
MEDIUM: 5.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.0CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

Product status

11.2
affected

11.3
affected

11.4
affected

11.5
affected

11.6
affected

Timeline

2024-10-31:Advisory disclosed
2024-10-31:VulDB entry created
2024-10-31:VulDB entry last update

Credits

LVZC (VulDB User) reporter

References

https://vuldb.com/?id.282610 (VDB-282610 | Tongda OA Annual Leave data.php improper authorization) vdb-entry

https://vuldb.com/?ctiid.282610 (VDB-282610 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

https://vuldb.com/?submit.433495 (Submit #433495 | Beijing Tongda Xinke Technology Co., Ltd Tongda OA v11.2-v11.6 unauthorized access) third-party-advisory

https://github.com/LvZCh/td/issues/1 exploit issue-tracking

cve.org CVE-2024-10598

nvd.nist.gov CVE-2024-10598

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-10598
Subscribe to our newsletter to learn more about our work.