uniFLOW Online device registration susceptible to compromise
Description
The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant. Those tenants utilising email login in combination with Microsoft Safe Links or similar are impacted. This vulnerability may allow the attacker to register themselves against a genuine user in the system and allow malicious users with similar access and capabilities via the app to the existing genuine user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=2024.1.0+ 1 more
- (no CPE)range: <=2024.1.0
- (no CPE)range: 0
Patches
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2- ntware.atlassian.net/wiki/spaces/SA/pages/12113215492/2024+Security+Advisory+Device+registration+susceptible+to+compromisemitrevendor-advisorymitigation
- www.canon-europe.com/psirt/advisory-information/mitrevendor-advisorymitigation
News mentions
0No linked articles in our index yet.