CVE Details: CVE-2024-9970

Description

The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.

Published Date: 2024-10-15
Last Modified Date: 2024-10-15
Severity: HIGH
CVSS v3 Score: 8.8
CWE ID: CWE-565
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Back to CVE List