CVE-2024-45919 Information

Description

A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests.

Reference

https://gist.github.com/ipxsec/28afaf965389283a68433c7afd54d17a