exploitDog

CVE-2024-29836

Опубликовано: 15 апр. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site.

Ссылки

https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html
Third Party Advisory
https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cs-technologies:evolution:*:*:*:*:*:*:*:*

Версия до 2.04.560 (включая)

EPSS

Процентиль: 45%

0.00227

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

GHSA-8vcp-v22r-9p96

CVSS3: 9.8

github

почти 2 года назад

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site.

EPSS

Процентиль: 45%

0.00227

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-284

NVD-CWE-Other