CVE-2024-45919
MEDIUM
Solvait 24.4.2 - Privilege Escalation via Request ID and Action Type Manipulation
Title source: llm
Description
A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows, leading to unauthorized access to sensitive information or approval of fraudulent requests.
References (1)
Core References
Exploit, Third Party Advisory
https://gist.github.com/ipxsec/28afaf965389283a68433c7afd54d17a
Scores
CVSS v3: 6.5
EPSS: 0.0032
EPSS Percentile: 23.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-269
Status: published
Products (1)
solvait/solvait: 24.4.2
Published: Oct 07, 2024
Tracked Since: Feb 18, 2026