CVE-2024-4447 | dotCMS Direct Web Remoting API UserSessionAjax.getSessionList.dwr authorization

Inserito da Angelo Barbosa | Lug 26, 2024 | CVE

A vulnerability was found in dotCMS. It has been declared as problematic. This vulnerability affects the function UserSessionAjax.getSessionList.dwr of the component Direct Web Remoting API. The manipulation leads to incorrect authorization.

This vulnerability was named CVE-2024-4447. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-4447 | dotCMS Direct Web Remoting API UserSessionAjax.getSessionList.dwr authorization

Post correlati

CVE-2023-52713 | Huawei HarmonyOS/EMUI Window Management Module permission

CVE-2025-6018 | pam-config

CVE-2024-3579 | Puneeth Reddy Online Shopping System Advanced URL cross site scripting

CVE-2024-34601 | Samsung GalaxyStore prior 4.5.81.0 Broadcast intent by broadcast receiver