{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5996", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2024-06-14T06:53:32.217Z", "datePublished": "2024-06-14T08:22:11.671Z", "dateUpdated": "2024-06-18T18:28:07.564Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HR Portal", "vendor": "Soar Cloud", "versions": [{"lessThan": "7.3.2024.0409", "status": "affected", "version": "earlier", "versionType": "custom"}]}], "datePublic": "2024-06-14T07:57:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the system."}], "value": "The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the system."}], "impacts": [{"capecId": "CAPEC-102", "descriptions": [{"lang": "en", "value": "CAPEC-102 Session Sidejacking"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-06-14T08:22:44.906Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7873-5ba4c-1.html"}, {"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-7874-b6727-2.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to \n\n<span style=\"background-color: rgb(255, 255, 255);\">version</span>&nbsp;7.3.2024.0409 or later."}], "value": "Update to \n\nversion\u00a07.3.2024.0409 or later."}], "source": {"advisory": "TVN-202406010", "discovery": "EXTERNAL"}, "title": "Soar Cloud HR Portal - Cleartext Transmission of Sensitive Information", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "soar_cloud", "product": "hr_portal", "cpes": ["cpe:2.3:a:soar_cloud:hr_portal:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "7.3.2024.0409", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-18T18:22:36.253541Z", "id": "CVE-2024-5996", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-18T18:28:07.564Z"}}]}}

{"descriptions": [{"lang": "en", "value": "The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the system."}, {"lang": "es", "value": "Los correos electr\u00f3nicos de notificaci\u00f3n enviados por Soar Cloud HR Portal contienen un enlace con una sesi\u00f3n integrada. Estos correos electr\u00f3nicos se env\u00edan sin utilizar un protocolo de transmisi\u00f3n cifrado. Si un atacante intercepta los paquetes, puede obtener la informaci\u00f3n de la sesi\u00f3n en texto plano y utilizarla para iniciar sesi\u00f3n en el sistema."}], "id": "CVE-2024-5996", "lastModified": "2024-06-17T12:42:04.623", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2024-06-14T09:15:11.010", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-7874-b6727-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-7873-5ba4c-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}