CVE-2024-36426 - TARGIT Decision Suite Session Token in URL Vulnerability in Versions Prior to Autumn 2023 Update

The recently disclosed security vulnerability CVE-2024-36426 affects TARGIT Decision Suite, a widely used business intelligence and analytics product. Because the application places the session token in the URL of its HTTP requests, an attacker who can observe unencrypted traffic can read the token and reuse it to act as the logged-in user, potentially leading to unauthorized access and data breaches. If you are running TARGIT Decision Suite version 23.2.15007. or earlier, update to a version that addresses this flaw.

This post will cover the details of the vulnerability and provide instructions to both test and mitigate the risk.

Vulnerability Details

In TARGIT Decision Suite 23.2.15007., before the Autumn 2023 update, the session token is passed as part of the URL (query string) of HTTP requests rather than in a cookie or request header. When the application is reached over plain HTTP, the token travels in cleartext and can be read by anyone positioned to observe the traffic, who can then replay it to hijack the session. A token carried in a URL is also more exposed than one in a cookie even when HTTPS is used: URLs are recorded in browser history, in web server and proxy access logs, and in the Referer header of subsequent requests.

Affected Products

This vulnerability affects TARGIT Decision Suite 23.2.15007. and earlier versions. The issue was fixed in the Autumn 2023 update.

To check whether your TARGIT Decision Suite installation is vulnerable, follow these steps:

1. Open your browser's developer tools (usually by pressing F12 or right-clicking and selecting "Inspect") and switch to the Network tab.
2. Log in to TARGIT (or reload a page you are already logged in to) so that the requests the application makes are recorded.
3. Look for request URLs that carry a session token as a query parameter (for example, "http://example.com/TARGIT?token=abcdef").
4. If you find any request with a session token in the URL, especially one sent over http:// rather than https://, your instance of TARGIT Decision Suite is vulnerable to CVE-2024-36426.

Here's a sample HTTP request illustrating the issue (the token value is a placeholder). Because the request goes over plain HTTP, the token on the request line is readable by anyone on the path between browser and server:

GET /TARGIT?token=abcdef HTTP/1.1
Host: example.com
User-Agent: Mozilla/5....
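The browser check above finds the problem one session at a time. The same condition can be checked after the fact in web server or reverse-proxy access logs, where URL-borne tokens also end up. The following script is an added example, not part of the original post or of TARGIT's own tooling: it parses a constructed sample of Combined Log Format lines, flags requests whose query string carries a session-token-like parameter (in the request itself or in the Referer URL), and prints each finding with the token redacted. The parameter name "token" comes from the page's sample request; the other names in TOKEN_PARAMS, the log lines, the hosts and the token values are assumptions made up for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Query-string parameter names treated as session credentials. "token" is the name
# in the page's sample request; the others are assumed aliases to widen the net.
TOKEN_PARAMS = {"token", "sessiontoken", "session_token", "sessionid", "sid"}

# Combined Log Format: client ident user [time] "METHOD target HTTP/x" status bytes "referer" "agent"
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log (not real traffic): two requests carry a token in the
# query string, and the last one also leaks a tokenised URL through Referer.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:09:15:02 +0000] "GET /TARGIT?token=abcdef123456 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Mar/2024:09:15:09 +0000] "GET /TARGIT/report?id=42 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2024:09:16:44 +0000] "POST /TARGIT/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2024:09:17:01 +0000] "GET /TARGIT/dashboard?SessionToken=0123456789abcdef&view=1 HTTP/1.1" 200 4096 "http://bi.example.com/TARGIT?token=abcdef123456" "Mozilla/5.0"
"""


def tokens_in_url(url: str) -> list:
    """Return (param, value) pairs from url's query string whose name looks like a session token."""
    query = urlsplit(url).query
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if k.lower() in TOKEN_PARAMS and v]


def redact(value: str, keep: int = 4) -> str:
    """Keep a short prefix so findings can be correlated without re-exposing the token."""
    if len(value) <= keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - keep)


def scan_log(text: str) -> list:
    """Scan access-log text and return one finding per token observed in a URL."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a Combined Log Format line; skip rather than guess
        for param, value in tokens_in_url(m["target"]):
            findings.append({"line": lineno, "client": m["client"], "where": "request",
                             "param": param, "token": redact(value)})
        # A tokenised URL is re-sent as Referer on the next navigation, so it shows
        # up in the logs of whatever the user opened next, with its scheme intact.
        referer = m["referer"]
        if referer and referer != "-":
            for param, value in tokens_in_url(referer):
                findings.append({"line": lineno, "client": m["client"], "where": "referer",
                                 "param": param, "token": redact(value),
                                 "scheme": urlsplit(referer).scheme})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

Run it against a real log file by reading the file into `scan_log`; every hit should be treated as a session that may have been captured, and the redacted prefix is enough to match a finding back to the unredacted log entry when investigating.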

To address this vulnerability in existing TARGIT Decision Suite installations, follow these steps:

1. Update to the latest version of TARGIT Decision Suite (Autumn 2023 or later). Official release notes are available on TARGIT's website.
2. Ensure that your TARGIT Decision Suite installation is reachable only over HTTPS, with plain-HTTP requests redirected to HTTPS. You can find instructions in the official TARGIT Knowledge Base. Note that HTTPS only stops interception on the wire; it does not keep a URL-borne token out of access logs, browser history or Referer headers, so the update is the actual fix and HTTPS is defense in depth.
3. Because tokens may already have been exposed, check web server and proxy access logs for URLs carrying session tokens, and consider ending active sessions after the update so that previously captured tokens cannot be reused.
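Step 2 is worth verifying rather than assuming. The script below is an added example, not part of the original post or of TARGIT's documentation: it judges whether a plain-HTTP response redirects to HTTPS on the same host, and whether the HTTPS endpoint sends a Strict-Transport-Security header with a max-age of at least one year so browsers stop trying http:// first. The judging functions take a status code and a header dict so they can be exercised on constructed responses; `probe` applies them to a live host and needs network access. The host name bi.example.com and the path /TARGIT are assumptions (the path is taken from the page's sample request).

```python
import http.client
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 307, 308}
ONE_YEAR = 31536000


def judge_http_response(status: int, headers: dict, requested_host: str) -> tuple:
    """Decide whether a plain-HTTP response shows HTTPS being enforced for requested_host."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    location = h.get("location")
    if status not in REDIRECT_CODES or not location:
        return False, f"plain HTTP answered with {status} and no redirect; a token in the URL travels in cleartext"
    target = urlsplit(location)
    if target.scheme.lower() != "https":
        return False, f"redirect target {location} is not https"
    if target.hostname and target.hostname.lower() != requested_host.lower():
        return False, f"redirect leaves the host ({target.hostname}); confirm this is intended"
    return True, f"plain HTTP redirects ({status}) to {location}"


def judge_https_response(headers: dict) -> tuple:
    """Check the HTTPS endpoint sends HSTS with a max-age of at least one year."""
    h = {k.lower(): v for k, v in headers.items()}
    hsts = h.get("strict-transport-security")
    if not hsts:
        return False, "no Strict-Transport-Security header"
    # Directives are ';'-separated, e.g. "max-age=31536000; includeSubDomains"
    directives = {d.strip().split("=")[0].lower(): d.strip() for d in hsts.split(";")}
    try:
        seconds = int(directives.get("max-age", "").split("=", 1)[1])
    except (IndexError, ValueError):
        return False, f"HSTS header has no usable max-age: {hsts!r}"
    if seconds < ONE_YEAR:
        return False, f"HSTS max-age {seconds} is shorter than one year"
    return True, f"HSTS present: {hsts}"


def probe(host: str, path: str = "/TARGIT") -> dict:
    """Request path over HTTP and HTTPS against a live host and judge both answers (network required)."""
    results = {}
    conn = http.client.HTTPConnection(host, timeout=10)
    conn.request("GET", path)
    resp = conn.getresponse()
    results["http"] = judge_http_response(resp.status, dict(resp.getheaders()), host)
    conn.close()
    conn = http.client.HTTPSConnection(host, timeout=10)
    conn.request("GET", path)
    resp = conn.getresponse()
    results["https"] = judge_https_response(dict(resp.getheaders()))
    conn.close()
    return results


if __name__ == "__main__":
    # Constructed responses (no network): a correctly configured server and a bad one.
    print(judge_http_response(301, {"Location": "https://bi.example.com/TARGIT"}, "bi.example.com"))
    print(judge_http_response(200, {"Content-Type": "text/html"}, "bi.example.com"))
    print(judge_https_response({"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}))
    # Against a real deployment: print(probe("bi.example.com"))
```

A redirect is the minimum; without HSTS a browser still sends the first request of a session over http://, and if that request carries the token the redirect arrives too late.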

Conclusion

CVE-2024-36426 is a security vulnerability in TARGIT Decision Suite versions 23.2.15007. and earlier. By placing the session token in the URL and sending it over a cleartext HTTP connection, the application exposes a credential that can be captured and replayed, increasing the risk of unauthorized access and data breaches.

By updating to the Autumn 2023 release (or later) and configuring TARGIT Decision Suite to use HTTPS connections, you can mitigate the risk associated with this vulnerability. Keep monitoring your software installations for security updates and follow established practices for protecting session credentials.

For further information regarding this vulnerability, refer to the original advisory on CVE Details and the National Vulnerability Database listing.

Timeline

Published on: 05/27/2024 22:15:08 UTC
Last modified on: 08/02/2024 03:37:05 UTC