{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T01:22:26.609","vulnerabilities":[{"cve":{"id":"CVE-2024-6890","sourceIdentifier":"bbf0bd87-ece2-41be-b873-96928ee8fab9","published":"2024-08-07T23:15:41.543","lastModified":"2024-11-21T09:50:28.447","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password."},{"lang":"es","value":"Los tokens de restablecimiento de contraseña se generan utilizando una fuente aleatoria insegura. Los atacantes que conocen el nombre de usuario del usuario de instalación de Journyx pueden forzar el restablecimiento de contraseña y cambiar la contraseña de administrador."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"bbf0bd87-ece2-41be-b873-96928ee8fab9","type":"Secondary","description":[{"lang":"en","value":"CWE-321"},{"lang":"en","value":"CWE-334"},{"lang":"en","value":"CWE-799"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:linux:*:*","matchCriteriaId":"16D9FF52-C135-4C0E-B182-65D575879BEA"}]}]}],"references":[{"url":"https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt","source":"bbf0bd87-ece2-41be-b873-96928ee8fab9","tags":["Exploit","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2024/Aug/5","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}