CVE-2024-32863 MEDIUM

CVE-2024-32863: exacqVison - CSRF issues with Web Service

Vendor Johnson Controls
Product exacqVision
Weakness CWE-352 · CSRF
Published August 1, 2024
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)

Key dates

02Disclosure timeline

August 1, 2024 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-27453 WordPress LWS Tools Plugin <= 2.3.1 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-14462 Lucky Draw Contests <= 4.2 - Cross-Site Request Forgery to Plugin Settings Update CVE-2025-59480 Inadequate validation of SSO redirect credentials permits credential theft CVE-2023-48283 WordPress Simple Testimonials Showcase Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-28964 WordPress Personal Favicon plugin <= 2.0 - CSRF to Stored XSS vulnerability