CVE-2024-28061 | Cyber Solutions By Thales

Abstract Advisory Information

An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to access to the data stored in the embedded database file.

Author: Dominique RIGHETTO

Version affected

Name: APIRIS

Versions: Kafeo – 6.4.4

Common Vulnerability Scoring System

8.5

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Patches

No patch given

References

https://www.kafeo.com/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28061

Vulnerability Disclosure Timeline

15/01/2024: Vulnerability discovery
16/01/2024: Vulnerability Report to CERT-XLM
19/01/2024: Vulnerability Report to Vendor through contact@kafeo.com, contact@apiris.fr emails and form
27/02/2024: Vulnerability Report resend to Vendor through contact@kafeo.com, contact@apiris.fr emails and form
27/02/2024: Called vendor, no response
27/02/2024: Request CVE ID to Mitre
01/03/2024: CVE IDs assigned CVE-2024-28061
23/05/2024: Expected Vulnerability disclosure