CVE-2024-25011 - Vulnerability Details - OpenCVE

Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.ericsson.com/en/about-us/security/psirt/cve-2024-25011

History

Thu, 18 Sep 2025 11:45:00 +0000

Type	Values Removed	Values Added
Description		Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue.
Title		Ericsson Catalog Manager and Ericsson Order Care - Exposure of Sensitive Information Vulnerability
Weaknesses		CWE-200
References		https://www.ericsson.com/en/about-us/security/psirt/cve-2024-25011
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ERIC

Published: 2025-09-18T11:38:18.371Z

Updated: 2025-09-18T13:31:46.260Z

Reserved: 2024-02-02T21:33:13.076Z

Link: CVE-2024-25011

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-09-18T12:15:38.060

Modified: 2025-09-18T13:43:34.310

Link: CVE-2024-25011

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-25011", "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "state": "PUBLISHED", "assignerShortName": "ERIC", "dateReserved": "2024-02-02T21:33:13.076Z", "datePublished": "2025-09-18T11:38:18.371Z", "dateUpdated": "2025-09-18T13:31:46.260Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Ericsson Catalog Manager", "vendor": "Ericsson", "versions": [{"changes": [{"at": "22.7", "status": "unaffected"}], "lessThanOrEqual": "22.6", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Ericsson Order Care", "vendor": "Ericsson", "versions": [{"changes": [{"at": "22.7", "status": "unaffected"}], "lessThanOrEqual": "22.6", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue."}], "value": "Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "shortName": "ERIC", "dateUpdated": "2025-09-18T11:38:18.371Z"}, "references": [{"url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2024-25011"}], "source": {"discovery": "UNKNOWN"}, "title": "Ericsson Catalog Manager and Ericsson Order Care - Exposure of Sensitive Information Vulnerability", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "If you are unable to upgrade to the fixed versions where the required flag will be enabled by default, authentication checks can be configured under System Configuration to remediate the issue."}], "value": "If you are unable to upgrade to the fixed versions where the required flag will be enabled by default, authentication checks can be configured under System Configuration to remediate the issue."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-18T13:31:25.336493Z", "id": "CVE-2024-25011", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-18T13:31:46.260Z"}}]}}