CVE-2024-4447: CWE-863 Incorrect Authorization in dotCMS dotCMS core
In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via Direct Web Remoting API (UserSessionAjax.getSessionList.dwr) calls. While this is information that would and should be available to admins who possess "Sign In As" powers, admins who otherwise lack this privilege would still be able to utilize the session IDs to imitate other users. While this is a very small attack vector that requires very high permissions to execute, its danger lies principally in obfuscating attribution; all Sign In As operations are attributed appropriately in the log files, and a malicious administrator could use this information to render their dealings untraceable — including those admins who have not been granted this ability — such as by using a session ID to generate an API token.

Fixed in: 24.07.12 / 23.01.20 LTS / 23.10.24v13 LTS / 24.04.24v5 LTS

1. This was the original finding, by researcher Zakaria Agharghar.
2. Later, on October 20, 2025, another researcher (Chris O’Neill) found additional affected DWR endpoints that are vulnerable to information disclosure, in addition to the original finding of "UserSessionAjax.getSessionList.dwr - Session ID exposure":
* UserAjax.getUsersList.dwr - Enumerate all users with IDs, names, emails
* RoleAjax.getUserRole.dwr - Get user role information
* RoleAjax.getRole.dwr - Get role details
* RoleAjax.getRolePermissions.dwr - View role permissions
* RoleAjax.isPermissionableInheriting.dwr - Check permission inheritance
* RoleAjax.getCurrentCascadePermissionsJobs.dwr - View permission cascade jobs
* ThreadMonitorTool.getThreads.dwr - Monitor system threads; and,
* CRITICAL - Privilege Escalation: RoleAjax.saveRolePermission.dwr - Modify role permissions

Overall CVSS for the above findings:
* CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
* Score: 9.1 (Critical)
AI Analysis
Technical Summary
CVE-2024-4447 identifies a critical incorrect authorization vulnerability (CWE-863) in dotCMS core, specifically affecting version 4.2.1 and certain LTS versions. The initial issue involves the System → Maintenance tool's Logged Users tab exposing sessionId data for all users through the Direct Web Remoting (DWR) API endpoint UserSessionAjax.getSessionList.dwr. While session information should be restricted to administrators with 'Sign In As' privileges, the flaw allows any admin, even those lacking this privilege, to obtain session IDs and impersonate other users by hijacking sessions or generating API tokens. This undermines audit logs and attribution, enabling malicious admins to conceal unauthorized actions. Subsequently, additional DWR endpoints were found vulnerable to information disclosure, including UserAjax.getUsersList.dwr (user enumeration), RoleAjax.getUserRole.dwr, RoleAjax.getRole.dwr, RoleAjax.getRolePermissions.dwr, RoleAjax.isPermissionableInheriting.dwr, RoleAjax.getCurrentCascadePermissionsJobs.dwr (role and permission details), and ThreadMonitorTool.getThreads.dwr (system thread monitoring). Critically, RoleAjax.saveRolePermission.dwr allows privilege escalation by modifying role permissions without proper authorization. The combined vulnerabilities allow attackers with limited admin privileges to escalate access, harvest sensitive user and role information, and evade detection. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L) yields a score of 9.9, reflecting a network-exploitable, low-complexity flaw that requires low privileges and no user interaction, with a scope change and high impact on confidentiality, integrity, and availability. The vulnerability was responsibly disclosed and fixed in dotCMS versions 24.07.12, 23.01.20 LTS, 23.10.24v13 LTS, and 24.04.24v5 LTS.
Potential Impact
The vulnerability poses a severe risk to organizations using dotCMS core, especially those running affected versions. Attackers with limited administrative privileges can impersonate other users, including high-privilege accounts, leading to unauthorized access to sensitive content and administrative functions. The ability to modify role permissions enables privilege escalation, potentially granting full control over the CMS environment. This can result in data breaches, unauthorized content manipulation, disruption of services, and loss of trust. The obfuscation of attribution complicates incident response and forensic investigations, allowing malicious insiders or compromised admins to evade detection. Given dotCMS's use in enterprise content management, e-commerce, and digital experience platforms, exploitation could impact confidentiality, integrity, and availability of critical business data and services. The network-exploitable nature means attackers can leverage this vulnerability remotely, increasing the attack surface. Organizations face risks including compliance violations, reputational damage, and operational disruption.
Mitigation Recommendations
1. Immediately upgrade dotCMS core to the fixed versions: 24.07.12, 23.01.20 LTS, 23.10.24v13 LTS, or 24.04.24v5 LTS as applicable.
2. Restrict administrative access strictly to trusted personnel and enforce the principle of least privilege, ensuring only necessary admins have elevated rights.
3. Audit and monitor usage of 'Sign In As' and other privileged functions to detect anomalous activity.
4. Disable or restrict access to DWR endpoints if not required, or implement network-level controls such as IP whitelisting and web application firewalls to limit exposure.
5. Implement robust logging and alerting on role permission changes and session management activities to detect potential abuse.
6. Conduct regular reviews of user roles and permissions to identify and remediate excessive privileges.
7. Educate administrators on the risks of session ID exposure and the importance of secure session handling.
8. Consider deploying runtime application self-protection (RASP) or endpoint detection solutions to identify exploitation attempts.
9. Perform penetration testing and vulnerability scanning post-patching to verify remediation and detect any residual issues.
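As an added detection example for recommendations 4 and 5 (this is not code from dotCMS or from the advisory), the following Python script scans access-log lines for successful calls to the DWR endpoints listed in the description and groups hits per account, so a single admin sweeping several endpoints or touching RoleAjax.saveRolePermission.dwr stands out. The combined-log line layout, the /dwr/call/plaincall/ URL prefix and the severity values are assumptions of this example; the sample log lines are constructed.

```python
import re
from collections import Counter
# Endpoints named in the advisory. Severities are this example's own alerting
# choice (not advisory values): saveRolePermission changes role permissions.
DWR_ENDPOINTS = {
    "UserSessionAjax.getSessionList.dwr": "high",
    "RoleAjax.saveRolePermission.dwr": "critical",
    "UserAjax.getUsersList.dwr": "medium",
    "RoleAjax.getUserRole.dwr": "medium",
    "RoleAjax.getRole.dwr": "medium",
    "RoleAjax.getRolePermissions.dwr": "medium",
    "RoleAjax.isPermissionableInheriting.dwr": "low",
    "RoleAjax.getCurrentCascadePermissionsJobs.dwr": "low",
    "ThreadMonitorTool.getThreads.dwr": "low",
}
# Assumed combined-log layout: client, ident, authenticated user, [timestamp], "request", status.
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse_line(line):
    """Parse one access-log line; the DWR method name is the last path segment."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["endpoint"] = rec["path"].split("?", 1)[0].rsplit("/", 1)[-1]
    return rec

def scan(lines):
    """Return (user, endpoint, severity, client) for each successful sensitive DWR call."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        sev = DWR_ENDPOINTS.get(rec["endpoint"])
        if sev and rec["status"].startswith("2"):   # rejected calls (e.g. 403) are not hits
            findings.append((rec["user"], rec["endpoint"], sev, rec["client"]))
    return findings

def per_user(findings):
    """Count hits per (user, severity) so one account sweeping many endpoints stands out."""
    return Counter((user, sev) for user, _, sev, _ in findings)

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '10.0.0.5 - editor1 [20/Oct/2025:10:01:02 +0000] "POST /dwr/call/plaincall/UserSessionAjax.getSessionList.dwr HTTP/1.1" 200 1532',
    '10.0.0.5 - editor1 [20/Oct/2025:10:01:09 +0000] "POST /dwr/call/plaincall/RoleAjax.saveRolePermission.dwr HTTP/1.1" 200 88',
    '10.0.0.9 - admin [20/Oct/2025:10:02:30 +0000] "GET /dotAdmin/ HTTP/1.1" 200 4210',
    '10.0.0.7 - anon [20/Oct/2025:10:03:00 +0000] "POST /dwr/call/plaincall/RoleAjax.getRole.dwr HTTP/1.1" 403 0',
]
```

Feed real log lines into scan() and alert on any "critical" hit, and on accounts whose per_user() counts exceed what their normal duties explain.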
Affected Countries
United States, Germany, United Kingdom, France, Canada, Australia, Netherlands, Japan, India, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: dotCMS
- Date Reserved: 2024-05-02T19:24:56.680Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 697b39a8ac063202227f4977
Added to database: 1/29/2026, 10:42:48 AM
Last enriched: 2/24/2026, 9:27:49 PM
Last updated: 3/24/2026, 2:52:13 PM
Views: 70