exploitDog

CVE-2024-29837

Опубликовано: 15 апр. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in.

Ссылки

https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html
Third Party Advisory
https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cs-technologies:evolution:*:*:*:*:*:*:*:*

Версия до 2.04.560 (включая)

EPSS

Процентиль: 42%

0.00199

Низкий

8.8 High

CVSS3

Дефекты

CWE-284

CWE-287

Связанные уязвимости

GHSA-8f6g-63pm-5fmx

CVSS3: 8.8

github

почти 2 года назад

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in.

EPSS

Процентиль: 42%

0.00199

Низкий

8.8 High

CVSS3

Дефекты

CWE-284

CWE-287