CVE-2024-22074 - Vulnerability Details - OpenCVE

Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Dynamsoft	Dynamsoft Service

Configuration 1 [-]

OR	cpe:2.3:a:dynamsoft:dynamsoft_service::::::::
	cpe:2.3:a:dynamsoft:dynamsoft_service::::::::
	cpe:2.3:a:dynamsoft:dynamsoft_service::::::::
	cpe:2.3:a:dynamsoft:dynamsoft_service::::::::
	cpe:2.3:a:dynamsoft:dynamsoft_service::::::::
	cpe:2.3:a:dynamsoft:dynamsoft_service::::::::

No data.

References

Link	Providers
https://www.dynamsoft.com/support/security-bulletin-dwt-2024-22074/

History

Tue, 18 Mar 2025 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284

Thu, 13 Feb 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 16 Oct 2024 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dynamsoft Dynamsoft dynamsoft Service
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:dynamsoft:dynamsoft_service::::::::
Vendors & Products		Dynamsoft Dynamsoft dynamsoft Service
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-06-06T20:45:58.421Z

Updated: 2025-03-18T20:48:10.151Z

Reserved: 2024-01-05T00:00:00.000Z

Link: CVE-2024-22074

Vulnrichment

Updated: 2024-08-01T22:35:34.596Z

NVD

Status : Modified

Published: 2024-06-06T21:15:48.180

Modified: 2025-03-18T21:15:23.753

Link: CVE-2024-22074

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-22074", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-18T20:48:10.151Z", "datePublished": "2024-06-06T20:45:58.421Z", "dateReserved": "2024-01-05T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-06T20:45:58.765Z"}, "descriptions": [{"lang": "en", "value": "Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.dynamsoft.com/support/security-bulletin-dwt-2024-22074/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-18T18:33:21.447715Z", "id": "CVE-2024-22074", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-18T20:48:10.151Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.596Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.dynamsoft.com/support/security-bulletin-dwt-2024-22074/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dynamsoft.com/support/security-bulletin-dwt-2024-22074/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.596Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-22074", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-18T18:33:21.447715Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-18T18:33:31.733Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.dynamsoft.com/support/security-bulletin-dwt-2024-22074/"}], "descriptions": [{"lang": "en", "value": "Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-06T20:45:58.765Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22074", "state": "PUBLISHED", "dateUpdated": "2025-03-18T20:48:10.151Z", "dateReserved": "2024-01-05T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-06-06T20:45:58.421Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dynamsoft:dynamsoft_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEF6500D-E54C-4649-BA21-639CDC56AA4C", "versionEndExcluding": "1.3.3212", "versionStartIncluding": "1.0.516", "vulnerable": true}, {"criteria": "cpe:2.3:a:dynamsoft:dynamsoft_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "26B0C115-CF41-4DA3-9AD1-1766C1AB361E", "versionEndExcluding": "1.4.3212", "versionStartIncluding": "1.4.1230", "vulnerable": true}, {"criteria": "cpe:2.3:a:dynamsoft:dynamsoft_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F6E9392-D683-4908-B737-C5BC17709BB8", "versionEndExcluding": "1.5.31212", "versionStartIncluding": "1.5.0625", "vulnerable": true}, {"criteria": "cpe:2.3:a:dynamsoft:dynamsoft_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8BFCB02-14DB-4E6E-8397-B7CDA1E7D074", "versionEndExcluding": "1.6.3212", "versionStartIncluding": "1.6.0428", "vulnerable": true}, {"criteria": "cpe:2.3:a:dynamsoft:dynamsoft_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "1595FD37-FC51-41E2-8F4C-4FD08055BFF7", "versionEndExcluding": "1.7.4212", "versionStartIncluding": "1.7.0330", "vulnerable": true}, {"criteria": "cpe:2.3:a:dynamsoft:dynamsoft_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "99BFC038-39B1-4C7D-9C4B-3121F9D5631C", "versionEndExcluding": "1.8.2014", "versionStartIncluding": "1.8.1025", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212."}, {"lang": "es", "value": "Dynamsoft Service 1.8.1025 a 1.8.2013, 1.7.0330 a 1.7.2531, 1.6.0428 a 1.6.1112, 1.5.0625 a 1.5.3116, 1.4.0618 a 1.4.1230 y 1.0.516 a 1.3.0115 tiene control de acceso incorrecto. Esto se solucion\u00f3 en 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212 y 1.3.3212."}], "id": "CVE-2024-22074", "lastModified": "2025-03-18T21:15:23.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-06T21:15:48.180", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.dynamsoft.com/support/security-bulletin-dwt-2024-22074/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dynamsoft.com/support/security-bulletin-dwt-2024-22074/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}