8.1

CVE-2024-56883

Exploit

EPSS 0.65%
Veröffentlicht 18.02.2025 18:15:27
Zuletzt bearbeitet 25.09.2025 13:27:35
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other employees, even though they do not have the option to do so in the user interface. To do this, a valid request to create a course simply needs to be modified, so that the current user ID in the "id" parameter is replaced with the ID of another user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sagedpw ≫ Sage Dpw Version < 2024_12_001

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.65%	0.701

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://cves.at/posts/cve-cve-2024-56883/writeup/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-56883

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-56883

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-56883

EUVD