CVE-2020-24030

CRITICAL

9.8

Descricao

ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "not exploitable in the current implementation. Tokens are properly expired, invalidated, and bound to session context. Attempts to alter the token payload to extend its validity do not affect server-side validation."

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado9/2/2020

Ultima modificacao10/14/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

forlogic:qualiex

Fraquezas (CWE)

CWE-672

Referencias

https://github.com/underprotection/CVE-2020-24030(cve@mitre.org)

https://qualiex.com(cve@mitre.org)

https://github.com/underprotection/CVE-2020-24030(af854a3a-2127-422b-91ae-364da2661108)

https://qualiex.com(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.