A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests.
Metrics
Affected Vendors & Products
References
History
Wed, 16 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Thu, 03 Jul 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo |
Tue, 08 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Solvait
Solvait solvait |
|
Weaknesses | CWE-269 | |
CPEs | cpe:2.3:a:solvait:solvait:24.4.2:*:*:*:*:*:*:* | |
Vendors & Products |
Solvait
Solvait solvait |
|
Metrics |
cvssV3_1
|
Mon, 07 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published: 2024-10-07T00:00:00
Updated: 2024-10-08T14:08:44.567Z
Reserved: 2024-09-11T00:00:00
Link: CVE-2024-45919

Updated: 2024-10-08T14:07:33.338Z

Status : Analyzed
Published: 2024-10-07T21:15:18.083
Modified: 2025-07-03T13:48:58.623
Link: CVE-2024-45919

No data.