CVE-2024-25011 | THREATINT

Description

Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue.

PUBLISHED Reserved 2024-02-02 | Published 2025-09-18 | Updated 2025-09-18 | Assigner ERIC

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

affected

Any version

affected

Default status

affected

Any version

affected

References

www.ericsson.com/en/about-us/security/psirt/cve-2024-25011

cve.org (CVE-2024-25011)

nvd.nist.gov (CVE-2024-25011)

Download JSON

help @ threatint.eu