Is CVE-2024-4596 actively exploited?

CVE-2024-4596 has no public evidence of in-the-wild exploitation as of 2025-10-10.

What is the CVSS score for CVE-2024-4596?

CVE-2024-4596 has a CVSS score of 3.7 (LOW severity). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

How do I patch CVE-2024-4596?

Patch guidance is available from kimai security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-4596.

CVE-2024-4596 - remediation guidance & executive summary

Description

A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the identifier assigned to this vulnerability.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: network
Complexity: high
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Weaknesses: CWE-200 · Information DisclosureNVD-CWE-noinfo

Metadata

Primary Vendor: KIMAI
Published: 5/7/2024
Last Modified: 10/10/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

kimai : kimai

Remediation Guidance

Executive Summary

Cite this page

CVE-2024-4596. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2024-4596

View on NIST NVD

CVE-2024-4596 vulnerability