{ "id": "CVE-2024-26331", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-30T19:15:23.200", "lastModified": "2024-04-30T19:35:36.960", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "ReCrystallize Server 5.10.0.0 uses an authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing client-side code outside of a browser. Attackers can bypass the authentication mechanism by modifying the cookie to contain an expected value." } ], "metrics": {}, "references": [ { "url": "https://sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/", "source": "cve@mitre.org" }, { "url": "https://www.recrystallize.com/merchant/ReCrystallize-Server-for-Crystal-Reports.htm", "source": "cve@mitre.org" } ] }