How severe is CVE-2024-1258?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-1258?

This is classified as CWE-321, which is a common weakness in software security.

CVE-2024-1258

MEDIUM Year: 2024

CVSS v3 Score

5.9

Medium

CVSS v2 Score

1.8

Low

Weakness Type

CWE-321

View all →

Vulnerability Description

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key . The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability.

CVE-2018-3825

MEDIUM

CVSS:5.9(Medium)

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, ...

CWE-3212018

CVE-2020-28391

MEDIUM

CVSS:5.9(Medium)

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5....

CWE-3212020

CVE-2020-28395

MEDIUM

CVSS:5.9(Medium)

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do no...

CWE-3212020

CVE-2023-39982

MEDIUM

CVSS:5.9(Medium)

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulne...

CWE-3212023

CVE-2024-38314

MEDIUM

CVSS:5.9(Medium)

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment.

CWE-3212024

CVE-2024-47256

MEDIUM

CVSS:6.0(Medium)

Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read hardcoded AES passphrase, which may be used for decryption of certain data wit...

CWE-3212024

CVE-2024-1258

Vulnerability Description

Related Vulnerabilities

CVE-2018-3825

CVE-2020-28391

CVE-2020-28395

CVE-2023-39982

CVE-2024-38314

CVE-2024-47256