CVE-2024-27113

EPSS 0.17%
Veröffentlicht 11.09.2024 14:15:12
Zuletzt bearbeitet 18.09.2024 18:43:00
Quelle csirt@divd.nl
CVE-Watchlists
Login
Unerledigt
Login

An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability has been remediated in version 1.52.02.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Soplanning ≫ Soplanning Version < 1.52.02

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.377

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
csirt@divd.nl	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:C/RE:M/U:Red

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://csirt.divd.nl/CVE-2024-27113

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2024-27113

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27113

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27113

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-27113