CVE-2024-8530 MEDIUM

CVE-2024-8530

Vendor Schneider Electric
Product Data Center Expert
Weakness CWE-306 · Missing auth
Published October 11, 2024
Last update October 17, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS.

Key dates

02Disclosure timeline

October 11, 2024 CVE published
October 17, 2024 Record updated