Privilege Context Switching Error

CVE-2024-47173

Medium

5.5/10

Summary

Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface versions from 2024.04.1 through 2024.07.1 are affected by a potential Denial of Service attack.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-270 - Privilege Context Switching Error

The software does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

References

Advisory

Advisory Timeline

Published Oct 24, 2024

Privilege Context Switching Error

CVE-2024-47173

Summary

CWE-270 - Privilege Context Switching Error

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS