What is CVE-2024-26331?

CVE-2024-26331 is a vulnerability in N/a. Published 2024-04-30.

Is CVE-2024-26331 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-26331

ReCrystallize Server 5.10.0.0 uses a authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing cli…

EPSS: 0.679 (98.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores
Ostorlab/KEV

References

www.recrystallize.com/merchant/ReCrystallize-Server-for-Crystal-Reports.htm
sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulne…

Frequently asked questions

What is CVE-2024-26331?: CVE-2024-26331 is a vulnerability in N/a. Published 2024-04-30.
Is CVE-2024-26331 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.