CVE-2024-22074

CRITICAL

Dynamsoft Service - Incorrect Access Control

Title source: llm

Description

Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212.

References (1)

Core 1

Core References

Vendor Advisory

https://www.dynamsoft.com/support/security-bulletin-dwt-2024-22074/

Scores

CVSS v3 9.8

EPSS 0.0045

EPSS Percentile 35.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

dynamsoft/dynamsoft_service 1.0.516 - 1.3.3212

Published Jun 06, 2024

Tracked Since Feb 18, 2026