COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-23687

CVE-2024-23687

Severity
critical
Source
NVD · cve
Published
2024-01-19
CVSS
9.1
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-23687

Players implicated

openlibraryfoundation · vendormod-data-export-spring · product

Description

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.