CVE-2024-47652

EPSS 0.74%
Veröffentlicht 04.10.2024 13:15:11
Zuletzt bearbeitet 16.10.2024 14:12:06
Quelle vdisclose@cert-in.org.in
CVE-Watchlists
Login
Unerledigt
Login

This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module wherein access to any users account is granted with just their corresponding mobile number. A remote attacker could exploit this vulnerability by providing mobile number of targeted user, to obtain complete access to the targeted user account.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Shilpisoft ≫ Client Dashboard Version < 9.7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.74%	0.726

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vdisclose@cert-in.org.in	7.6	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-308 Use of Single-factor Authentication

The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0313

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-47652

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47652

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47652

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-47652