CVE-2024-2635 HIGH

CVE-2024-2635: Multiple vulnerabilities on Meta4 HR from Cegid

Vendor Cegid
Product Meta4 HR
Weakness CWE-698
Published March 19, 2024
Last update August 21, 2024

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they do not offer product functionality

Key dates

02Disclosure timeline

March 19, 2024 CVE published
August 21, 2024 Record updated