CVE-2024-36426: In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.

Description

In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.

Classification

CVE ID: CVE-2024-36426

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.83% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-12 (date this score was calculated)

References

https://community.targit.com/hc/en-us/articles/12618082416028-Change-Log-On-prem
https://github.com/DMCERTCE/DecisionSuite_Token_in_Url
https://community.targit.com/hc/en-us/articles/16112758176156-Vulnerabilities

Timeline