CVE-2024-8642

MEDIUM Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-303
View all →

Vulnerability Description

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module "transfer-data-plane". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed.

Related Vulnerabilities

CVE-2016-9463

HIGH
CVSS:8.1(High)

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled...

CWE-3032016

CVE-2021-21902

HIGH
CVSS:7.5(High)

An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authenticat...

CWE-3032021

CVE-2022-33736

HIGH
CVSS:7.5(High)

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validat...

CWE-3032022

CVE-2022-41985

HIGH
CVSS:7.5(High)

An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and...

CWE-3032022

CVE-2023-25957

HIGH
CVSS:7.5(High)

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9...

CWE-3032023