The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the system.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2024-06-14T08:22:11.671Z
Updated: 2024-06-18T18:28:07.564Z
Reserved: 2024-06-14T06:53:32.217Z
Link: CVE-2024-5996
NVD Information
Status : Awaiting Analysis
Published: 2024-06-14T09:15:11.010
Modified: 2024-06-17T12:42:04.623
Link: CVE-2024-5996