Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1
CVE-2024-38447
- EPSS 0.27%
- Veröffentlicht 17.07.2024 18:15:03
- Zuletzt bearbeitet 20.06.2025 18:09:39
NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user).
6.5
CVE-2024-38446
- EPSS 0.21%
- Veröffentlicht 17.07.2024 17:15:15
- Zuletzt bearbeitet 20.06.2025 18:09:19
NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via a modified UUID in a POST requ...
5.5
CVE-2023-31441
- EPSS 0.03%
- Veröffentlicht 18.07.2023 15:15:11
- Zuletzt bearbeitet 21.11.2024 08:01:52
In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does n...
1