{"vulnerability": "cve-2024-5705", "sightings": [{"uuid": "4f344d65-3926-4452-8127-9756ae354741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57052", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113908418511859308", "content": "", "creation_timestamp": "2025-01-28T22:48:51.662178Z"}, {"uuid": "af70540d-f617-4f49-a41c-c4dddc41d078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57052", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113902794945002521", "content": "", "creation_timestamp": "2025-01-27T22:58:42.139446Z"}, {"uuid": "d05a8f57-6ee5-4024-96b0-19338fd438d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57052", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgr32ixnrh2f", "content": "", "creation_timestamp": "2025-01-27T23:15:35.890784Z"}, {"uuid": "c6b4e79f-6e3a-4de1-9254-808539b99ce5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57050", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114031809722318785", "content": "", "creation_timestamp": "2025-02-19T17:48:58.375656Z"}, {"uuid": "eb881450-9e1a-4706-84ca-8e7abb1952b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5705", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114033695504956262", "content": "", "creation_timestamp": "2025-02-20T01:48:26.317586Z"}, {"uuid": "e8d285ef-96ac-429a-a29f-6cb8c829c495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57050", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lihkmqzfef2o", "content": "", "creation_timestamp": "2025-02-18T15:18:00.424173Z"}, {"uuid": "7086f2c1-6650-4f26-b6be-f2102d4792b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57050", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lihthewk5e2m", "content": "", "creation_timestamp": "2025-02-18T17:56:05.041693Z"}, {"uuid": "33b529a0-7c8f-4078-a1e4-a5c5d8a8f34a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57055", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lihxwlgrss23", "content": "", "creation_timestamp": "2025-02-18T19:16:08.850381Z"}, {"uuid": "51348fea-5d84-4040-81bb-ec8d0f9bbe82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57056", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lihxwnmtx52g", "content": "", "creation_timestamp": "2025-02-18T19:16:11.263044Z"}, {"uuid": "6c9974b2-dc0c-4968-8ed4-e7a815fd9752", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57050", "type": "seen", "source": "MISP/71f05cce-2beb-4b80-8496-bbbabc032544", "content": "", "creation_timestamp": "2025-08-25T18:31:43.000000Z"}, {"uuid": "14400818-b410-4665-ae3a-6fcfd7657ec7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57055", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liiauwjy7c2z", "content": "", "creation_timestamp": "2025-02-18T21:56:18.132873Z"}, {"uuid": "e666c787-f456-419c-9be1-eb0d2fbe7cb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57056", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liiauwnbz52e", "content": "", "creation_timestamp": "2025-02-18T21:56:18.729169Z"}, {"uuid": "6421b022-e195-4fc5-8250-c5c2b8a9ebb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57050", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-57050.yaml", "content": "", "creation_timestamp": "2025-03-11T10:51:24.000000Z"}, {"uuid": "86f02c24-6f49-40a8-9fdb-f38cfd058fa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57050", "type": "seen", "source": "https://t.me/cvedetector/18330", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57050 - TP-Link WR840N Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-57050 \nPublished : Feb. 18, 2025, 3:15 p.m. | 29\u00a0minutes ago \nDescription : A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory.When adding Referer:  to the the request, it will be recognized as passing the authentication. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T16:49:00.000000Z"}, {"uuid": "4f817001-bdef-42ca-b7eb-f2ce47a0f2cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57052", "type": "seen", "source": "MISP/d0bda5d9-8cbc-4c6c-8803-a5e3150f9ec2", "content": "", "creation_timestamp": "2025-09-01T19:03:02.000000Z"}, {"uuid": "81f8dff4-b80c-47bd-a5da-0c0a148acbfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5705", "type": "seen", "source": "https://t.me/cvedetector/18504", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-5705 - Hitachi Vantara Pentaho Business Analytics Server Authorization Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-5705 \nPublished : Feb. 19, 2025, 11:15 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. (CWE-863)   \n  \n  \n  \n\u00a0  \n  \n  \n  \n\u00a0  \n  \n  \n  \nHitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, have modules enabled by default that allow execution of system level processes.   \n  \n  \n  \n\u00a0  \n  \n  \n  \n  \n  \n  \n  \n  \nWhen access control checks are incorrectly applied, users can access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures and denial of service. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T02:16:51.000000Z"}, {"uuid": "42e2c9cd-8d90-4838-9cef-58f22afc3c22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57056", "type": "seen", "source": "https://t.me/cvedetector/18345", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57056 - WombatDialer Session Impersonation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-57056 \nPublished : Feb. 18, 2025, 7:15 p.m. | 39\u00a0minutes ago \nDescription : Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing user session. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T20:59:43.000000Z"}, {"uuid": "d5c64762-d510-447b-b6ac-b2c20ab971ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57055", "type": "seen", "source": "https://t.me/cvedetector/18344", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57055 - WombatDialer Server-Side Access Control Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-57055 \nPublished : Feb. 18, 2025, 7:15 p.m. | 39\u00a0minutes ago \nDescription : Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain services without the necessary access level. This issue is limited to services used by the client (not the general-use JSON services) and requires reverse engineering of the proprietary serialization protocol, making it difficult to exploit. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T20:59:42.000000Z"}, {"uuid": "bf25f12c-9052-4cfc-a100-ecfb18c512bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57052", "type": "seen", "source": "Telegram/5qdzHF4r03sEcVGZi1InfA1elRdTygOZiyiWX4yumRmzeFDh", "content": "", "creation_timestamp": "2025-01-28T03:22:55.000000Z"}, {"uuid": "75891c6b-cf3a-48c9-a5f4-5fb190e56809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5705", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4816", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-5705\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. (CWE-863) \n\n\n\n\u00a0\n\n\n\n\u00a0\n\n\n\nHitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, have modules enabled by default that allow execution of system level processes. \n\n\n\n\u00a0\n\n\n\n\n\n\n\n\nWhen access control checks are incorrectly applied, users can access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures and denial of service.\n\ud83d\udccf Published: 2025-02-19T22:55:08.706Z\n\ud83d\udccf Modified: 2025-02-20T20:55:44.629Z\n\ud83d\udd17 References:\n1. https://support.pentaho.com/hc/en-us/articles/34296615099405--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Incorrect-Authorization-Versions-before-10-2-0-0-and-9-3-0-9-including-8-3-x-Impacted-CVE-2024-5705", "creation_timestamp": "2025-02-20T21:17:49.000000Z"}, {"uuid": "29e5aaf8-400a-41b5-b7e9-baf8b94a74dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57055", "type": "seen", "source": "Telegram/ZOstBnoo8ULZudEfF1tbr-sK-0_EVc5LYX7H1hHEI6yiuj_O", "content": "", "creation_timestamp": "2025-02-20T01:27:45.000000Z"}, {"uuid": "61c64a17-aaec-4824-877d-d5db16b403d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57052", "type": "seen", "source": "https://t.me/cvedetector/16554", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57052 - Youdian CMS Session ID Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-57052 \nPublished : Jan. 27, 2025, 11:15 p.m. | 1\u00a0hour, 45\u00a0minutes ago \nDescription : An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-28T02:04:12.000000Z"}]}