CVE-2024-10122
CVE-2024-10122 is a low-severity vulnerability in Topdata Inner Rep Plus with a CVSS 3.x base score of 2.7. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-549.
Key facts
- Severity: Low (CVSS 3.x base score 2.7)
- CVSS v2: 3.3
- CVSS v4: 5.1
- EPSS exploit prediction: 0% (38th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2024-32918
- Weakness: CWE-549
- Affected product: Topdata Inner Rep Plus
- Published:
- Last modified:
Description
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Frequently asked questions
- What is CVE-2024-10122?
- A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
- How severe is CVE-2024-10122?
- CVE-2024-10122 has a CVSS 3.x base score of 2.7, rated low severity. It is exploitable over network with low attack complexity, requires high privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability none.
- Is CVE-2024-10122 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (38th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2024-10122?
- CVE-2024-10122 affects Topdata Inner Rep Plus. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2024-10122?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2024-10122 have an EU (EUVD) identifier?
- Yes. CVE-2024-10122 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-32918.
- When was CVE-2024-10122 published?
- CVE-2024-10122 was published on 2024-10-18 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:topdata:inner_rep_plus:2.01:*:*:*:*:*:*:*
More vulnerabilities in Topdata Inner Rep Plus
- CVE-2024-10128 — Low (CVSS 2.7): A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this…
All CVEs affecting Topdata Inner Rep Plus →
Other CWE-549 vulnerabilities
- CVE-2025-42904 — Medium (CVSS 6.5): Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read…
- CVE-2025-31728 — Medium (CVSS 5.5): Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job…
- CVE-2025-31727 — Medium (CVSS 5.5): Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files…
- CVE-2025-13175 — Medium (CVSS 5.1): Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to…
- CVE-2026-3314 — Medium (CVSS 4.6): Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view,…
- CVE-2025-64170 — Low (CVSS 3.8): sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version…