Cyber Resilience

CVE-2024-3263

Critical

Published: 14 May 2024

Published
14 May 2024
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0030 54.1th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-3263 is a critical-severity Improper Authentication (CWE-287) vulnerability in Remediata (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 45.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force…

more

attacks. Successful attacks can lead to unauthorised access and execution of operations based on assigned user permissions. This vulnerability affects VIS Pro in versions <= 3.3.0.6. This vulnerability has been mitigated by changes in authentication mechanisms and implementation of additional authentication layer and strong password policies.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Remediata
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-287 CWE-521

Documented IA policy and procedures require proper authentication mechanisms to be defined and followed, reducing improper authentication.

addresses: CWE-287 CWE-521

Centralized authentication mechanisms and policy enforcement reduce the chance of missing or weak authentication on individual components.

addresses: CWE-287

Detects unauthorized successful logons resulting from improper authentication implementations.

addresses: CWE-287

Documented procedures ensure personnel are trained on authentication mechanisms, tangibly lowering the risk of improper authentication being exploited.

addresses: CWE-287

Security awareness training instructs users on secure authentication practices and avoiding credential compromise.

addresses: CWE-287

Training on authentication mechanisms and best practices decreases the occurrence of improper authentication.

addresses: CWE-287

Non-repudiation requires strong authentication mechanisms to irrefutably attribute performed actions to specific individuals or processes.

addresses: CWE-287

Session content review can reveal authentication bypasses or failures in session establishment.

References