CVE-2024-4341 - Vulnerability Details

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3928.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Extremepacs	Extreme Xds

Configuration 1 [-]

cpe:2.3:a:extremepacs:extreme_xds:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0893
https://www.usom.gov.tr/bildirim/tr-24-0893

History

Wed, 03 Jun 2026 16:00:00 +0000

Type	Values Removed	Values Added
Description	Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928.	Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3928.
References		https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0893

Tue, 14 Oct 2025 13:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-269

Tue, 14 Oct 2025 13:00:00 +0000

Type	Values Removed	Values Added
Description	Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928.	Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928.
Title	Information Disclosure in ExtremePacs's Extreme XDS	IDOR in ExtremePacs's Extreme XDS
Weaknesses		CWE-639 CWE-862

Fri, 12 Sep 2025 07:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 12 Sep 2025 06:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'}`	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}`

Fri, 30 Aug 2024 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Extremepacs Extremepacs extreme Xds
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:extremepacs:extreme_xds::::::::
Vendors & Products		Extremepacs Extremepacs extreme Xds

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2024-07-08T13:46:12.791Z

Updated: 2026-06-03T14:07:36.014Z

Reserved: 2024-04-30T11:46:14.316Z

Link: CVE-2024-4341

Vulnrichment

Updated: 2024-08-01T20:40:46.494Z

NVD

Status : Modified

Published: 2024-07-08T14:15:03.167

Modified: 2026-06-03T16:16:22.823

Link: CVE-2024-4341

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object