CVE-2024-9984

Missing Authentication for Critical Function (CWE-306)

Published: Oct 15, 2024 / Updated: 35d ago

CVSS 9.8 / EPSS 0.09% / Critical

Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment
NVD published the first details for CVE-2024-9984
Oct 15, 2024 at 9:15 AM

First Article
Feedly found the first article mentioning CVE-2024-9984.
Oct 15, 2024 at 9:24 AM / National Vulnerability Database

CVSS Estimate
Feedly estimated the CVSS score as HIGH
Oct 15, 2024 at 9:24 AM

EPSS
EPSS Score was set to: 0.09% (Percentile: 39.8%)
Oct 16, 2024 at 9:58 AM

Affected Systems

Ragic/enterprise_cloud_database

Attack Patterns

CAPEC-12: Choosing Message Identifier

News

【Vulnerability Alert】 Multiple Critical Security Vulnerabilities in Ragic Enterprise Cloud Database
Source: Ministry of Education Information & Communication Security Contingency Platform

Ragic Product Security Update Advisory (CVE-2024-9984)
Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version. Users of the affected versions are advised to update to the latest version.

Ragic Enterprise Cloud Database Patches Multi Flaws, Including CVE-2024-9984 (CVSS 9.8) [app] [cloud]
TWCERT/CC warns of vulnerabilities in Ragic Enterprise Cloud Database (CVE-2024-9983, CVE-2024-9984, CVE-2024-9985) allowing data breaches, system compromise, and operational disruptions, urging update to version 2024/08/08 09:45:25 or later.

Ragic Enterprise Cloud Database Patches Multi Flaws, Including CVE-2024-9984 (CVSS 9.8)
Taiwan’s Computer Emergency Response Team (TWCERT/CC) has issued a warning regarding multiple vulnerabilities discovered in the Ragic Enterprise Cloud Database, a popular no-code platform for building custom business applications. CVE-2024-9983 (CVSS 7.5): Arbitrary File Read via Path Traversal: This flaw allows unauthenticated attackers to exploit a vulnerability in a specific page parameter to read arbitrary system files, potentially exposing sensitive information.

Critical - CVE-2024-9984 - Enterprise Cloud Database from Ragic does not...
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
