CVE-2024-46505
Published: 09 January 2025
Description
Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
Security Summary
Infoblox BloxOne version 2.4 contains a business logic flaw stemming from thick client vulnerabilities, tracked as CVE-2024-46505. This issue was published on January 9, 2025, and carries a CVSS v3.1 base score of 9.1 (Critical), with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H. It is associated with CWEs 276 (Incorrect Default Permissions), 312 (Cleartext Storage of Sensitive Information), 319 (Insufficiently Protected Credentials), and 798 (Use of Hard-coded Credentials).
The CVSS vector indicates that the flaw can be exploited by unauthenticated attackers over the network, with low attack complexity and no user interaction required. Successful exploitation has high integrity and availability impact, while confidentiality is unaffected, so an attacker without privileges could manipulate system operations or disrupt services.
Details on mitigation, including any patches or advisories, are available in the referenced disclosure at https://jayaramyalla.medium.com/bloxone-business-logic-flaw-due-to-thick-client-vulnerabilities-cve-2024-46505-04a4f1966f4b. Security practitioners should consult this source for vendor-specific remediation guidance.
Details
- CWE(s): CWE-276, CWE-312, CWE-319, CWE-798