CVE-2024-47657

EPSS 0.13%
Veröffentlicht 04.10.2024 13:15:12
Zuletzt bearbeitet 16.10.2024 15:44:16
Quelle vdisclose@cert-in.org.in
CVE-Watchlists
Login
Unerledigt
Login

This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter dfclientid through API request URLs which could lead to unauthorized access to sensitive information belonging to other users.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Shilpisoft ≫ Net Back Office Version < 5.5.002

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.322

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vdisclose@cert-in.org.in	7.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0313

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-47657

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47657

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47657

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-47657