CVE-2024-46310
CriticalCVSS 9.1Exploitation Probability (EPSS)
High risk82th percentile - higher than 82% of all known CVEs
Summary
A vulnerability in Cfx.re FXServer version v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via an exposed API endpoint. The issue stems from incorrect access control.
Risk Assessment
The risk includes unauthorized access to sensitive user data and the ability to modify it, potentially leading to breaches of confidentiality and data integrity within the organization.
Recommendation
It is recommended to immediately update Cfx.re FXServer to a version newer than v9601 and implement proper authentication and authorization mechanisms for all API endpoints.
Original NVD description (English source)
Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint

