MEDIUM
ZF
CVE published 2025-01-21
CVE-2024-12054
CVE-2024-12054 is a medium-severity authentication bypass vulnerability in ZF's RSSPlus 2M Roll Stability Support Plus system, published by CISA on January 21, 2025. The vulnerability stems from deterministic SecurityAccess service seeds that allow attackers to predict authentication tokens and remotely invoke diagnostic functions intended only for workshop or repair scenarios. Attack vectors include prox [truncated]