9.8

CVE-2020-24030

EPSS 1.42%
Veröffentlicht 02.09.2020 17:15:12
Zuletzt bearbeitet 14.10.2025 13:15:32
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "not exploitable in the current implementation. Tokens are properly expired, invalidated, and bound to session context. Attempts to alter the token payload to extend its validity do not affect server-side validation."

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Forlogic ≫ Qualiex Version1.0

Forlogic ≫ Qualiex Version3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.42%	0.787

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-672 Operation on a Resource after Expiration or Release

The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

https://qualiex.com

Vendor Advisory

Product

https://github.com/underprotection/CVE-2020-24030

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-24030

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-24030

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-24030

EUVD