CVE-2024-7108
published 2024-09-26CVE-2024-7108: Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs. This…
PriorityP349critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.28%
19.5th percentile
Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects CyberMath: before CYBM.240816253.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| national_keep_cyber_security_services | cybermath | < CYBM.240816253 | CYBM.240816253 |
| nationalkeep | cybermath | < cybm.240816253 | cybm.240816253 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.2HIGHCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
National Keep Cyber Security Services CyberMath 1.4/1.5 ACL authorization
vuldb·2026-06-04·CVSS 8.2
CVE-2024-7108 [HIGH] National Keep Cyber Security Services CyberMath 1.4/1.5 ACL authorization
A vulnerability, which was classified as problematic, has been found in National Keep Cyber Security Services CyberMath 1.4/1.5. The affected element is an unknown function of the component ACL. Performing a manipulation results in incorrect authorization.
This vulnerability is cataloged as CVE-2024-7108. The attack must be initiated from a local position. There is no exploit available.
It is advisable to upgrade the affected component.
GHSA
GHSA-rfp4-4g5j-5jgh: Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by AC
ghsa_unreviewed·2024-09-26
CVE-2024-7108 [HIGH] CWE-863 GHSA-rfp4-4g5j-5jgh: Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by AC
Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CyberMath: before CYBM.240816253.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-09-26
Published