Use of Hard-coded Password

CVE-2024-29011

High

7.5/10

Summary

Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-259 - Use of Hard-coded Password

The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

References

Advisory Timeline

Published May 01, 2024

Use of Hard-coded Password

CVE-2024-29011

Summary

CWE-259 - Use of Hard-coded Password

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS