CVE-2024-47651

EPSS 0.15%
Veröffentlicht 04.10.2024 12:15:12
Zuletzt bearbeitet 10.10.2024 21:01:39
Quelle vdisclose@cert-in.org.in
CVE-Watchlists
Login
Unerledigt
Login

This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple “userid” parameters in the API request body leading to unauthorized access of sensitive information belonging to other users.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Shilpi ≫ Client Dashboard Version < 9.7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.349

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vdisclose@cert-in.org.in	7.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-235 Improper Handling of Extra Parameters

The product does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount.

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0313

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-47651

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47651

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47651

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-47651