CVE-2024-58343
Received
Received - Intake
Deserialization Flaw in Vision Helpdesk Allows User Profile Disclosure
Publication date: 2026-04-16
Last updated on: 2026-04-16
Assigner: MITRE
Description
Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vision_helpdesk | vision_helpdesk | up to 5.7.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-425 | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Vision Helpdesk versions before 5.7.0 (patched in 5.6.10). It allows attackers to read user profiles by modifying serialized cookie data related to vis_client_id.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can read user profile information, which may lead to unauthorized disclosure of personal or sensitive data.