Journyx Journyx (Jtime)
4 CVEs affecting Journyx Journyx (Jtime). Latest disclosed: 2024-08-07. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-6893 | | | 2024-08-07 | The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read… |
| CVE-2024-6892 | | | 2024-08-07 | Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application. |
| CVE-2024-6891 | | | 2024-08-07 | Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. |
| CVE-2024-6890 | | | 2024-08-07 | Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the… |