CVE-2024-4428

EPSS 0.49%
Veröffentlicht 29.08.2024 11:15:27
Zuletzt bearbeitet 03.06.2026 16:16:22
Quelle iletisim@usom.gov.tr
CVE-Watchlists
Login
Unerledigt
Login

Sensetive Data Exposure in Menulux Managment Portal

Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.

This issue affects Managment Portal: through 21.05.2024.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Menulux ≫ Managment Portal Version <= 21.05.2024

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.49%	0.38

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
iletisim@usom.gov.tr	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.usom.gov.tr/bildirim/tr-24-1356

Broken Link

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1356

https://nvd.nist.gov/vuln/detail/CVE-2024-4428

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-4428

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-4428

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-4428