CVE-2024-13061 CRITICAL

CVE-2024-13061: 2100 Technology Electronic Official Document Management System - Authentication Bypass

Vendor: 2100 Technology Electronic
Product: Official Document Management System
Weakness: CWE-290
Published: December 31, 2024
Last update: January 2, 2025

CVSS base score

9.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The Electronic Official Document Management System from 2100 Technology has an Authentication Bypass vulnerability. Although the product enforces an IP whitelist for the API used to query user tokens, unauthenticated remote attackers can still deceive the server to obtain tokens of arbitrary users, which can then be used to log into the system.

Key dates

02 Disclosure timeline

December 31, 2024: CVE published
January 2, 2025: Record updated