CVE-2024-10598

5.3 MEDIUM

📋 TL;DR

This critical vulnerability in Tongda OA allows attackers to bypass authorization controls in the annual leave management component, potentially accessing or manipulating sensitive HR data. It affects Tongda OA versions 11.2 through 11.6 and can be exploited remotely without authentication.

💻 Affected Systems

Products:
  • Tongda OA
Versions: 11.2, 11.3, 11.4, 11.5, 11.6
Operating Systems: Any OS running Tongda OA
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the annual leave handler component specifically through the general/hr/setting/attendance/leave/data.php file.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access, modify, or delete sensitive employee leave records, personal information, and HR data, potentially leading to data breaches, compliance violations, or unauthorized system access.

🟠 Likely Case

Unauthorized access to employee leave data and HR information, potentially enabling data theft or manipulation of attendance records.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, potentially only affecting isolated HR systems.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely and has public exploit details available.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this to access sensitive HR data they shouldn't have access to.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub, making this easily exploitable by attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found in provided references

Restart Required: No

Instructions:

No official patch available. Monitor Tongda OA vendor channels for security updates and apply immediately when released.

🔧 Temporary Workarounds

Restrict access to vulnerable endpoint

Block or restrict access to the vulnerable PHP file using web server configuration or firewall rules. Note that this also blocks legitimate HR users of the annual leave function until a patch is available.

Apache (2.2 syntax; on Apache 2.4 without mod_access_compat, replace the two directives with "Require all denied"):

    <Location "/general/hr/setting/attendance/leave/data.php">
        Order deny,allow
        Deny from all
    </Location>

Nginx (regex locations are matched in order, so place this block before any generic "location ~ \.php$" block or it will never be reached):

    location ~ /general/hr/setting/attendance/leave/data\.php$ { deny all; }

Implement WAF rules

Add web application firewall rules to block requests to the vulnerable endpoint.

ModSecurity (decoding and lowercasing the URI before matching so encoded or mixed-case variants of the path are caught as well):

    SecRule REQUEST_URI "@contains /general/hr/setting/attendance/leave/data.php" "id:1001,phase:1,deny,status:403,log,t:urlDecodeUni,t:lowercase,msg:'CVE-2024-10598 Tongda OA leave data.php blocked'"

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Tongda OA systems from untrusted networks
  • Enable detailed logging and monitoring for access attempts to the vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

Check whether the Tongda OA version is between 11.2 and 11.6 (inclusive) and verify that the file /general/hr/setting/attendance/leave/data.php exists in the installation.

Check Version:

Check Tongda OA admin interface or configuration files for version information

Verify Fix Applied:

Test if unauthorized access to the vulnerable endpoint is blocked or properly authenticated

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to /general/hr/setting/attendance/leave/data.php
  • Unauthorized access attempts to HR data endpoints

Network Indicators:

  • HTTP requests to vulnerable endpoint from unexpected sources
  • Unusual traffic patterns to HR system components

SIEM Query:

source="web_server" AND uri="/general/hr/setting/attendance/leave/data.php" AND (response_code=200 OR response_code=302)

Match on the full path rather than on a clause such as CONTAINS "data.php", which would flag every unrelated data.php on the host. If your web server logs the query string as part of the uri field, use a prefix or wildcard match on the path instead of an exact match. Requests to the same path that return 403 show the workaround is being hit rather than a successful access.
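The log indicators and SIEM query above, worked through as a small standalone detector. This is an added example, not tooling from the page or from the Tongda OA vendor; the access log lines are constructed samples in combined log format, and the internal-address prefix list is an assumed placeholder.

```python
import re
from collections import Counter

# Constructed sample access log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
10.0.5.12 - - [12/Nov/2024:09:14:03 +0000] "GET /general/index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.77 - - [12/Nov/2024:09:15:41 +0000] "POST /general/hr/setting/attendance/leave/data.php HTTP/1.1" 200 2210 "-" "python-requests/2.31"
203.0.113.77 - - [12/Nov/2024:09:15:42 +0000] "GET /general/hr/setting/attendance/leave/data.php?id=1 HTTP/1.1" 302 0 "-" "python-requests/2.31"
10.0.5.30 - - [12/Nov/2024:09:16:10 +0000] "GET /general/hr/setting/attendance/leave/data.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Nov/2024:09:17:55 +0000] "GET /static/data.php HTTP/1.1" 200 88 "-" "curl/8.4"
"""

VULN_PATH = "/general/hr/setting/attendance/leave/data.php"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_suspicious(log_text, internal_prefixes=("10.",)):
    """Return requests to the exact vulnerable path that were not blocked.

    Only 200/302 responses count: a 403 means the workaround fired.
    internal_prefixes is an assumed placeholder for your own address space.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        path = rec["uri"].split("?", 1)[0]  # drop the query string before comparing
        if path != VULN_PATH:
            continue  # exact path match, so /static/data.php is not flagged
        if int(rec["status"]) in (200, 302):
            rec["external"] = not rec["ip"].startswith(internal_prefixes)
            hits.append(rec)
    return hits


def summarize(hits):
    """Count unblocked hits per source IP for triage."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    for ip, n in summarize(find_suspicious(SAMPLE_LOG)).items():
        print(f"{ip}: {n} unblocked request(s) to {VULN_PATH}")
```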
