← voltar
CVE-2024-28144

Broken Access Control

CVSS 5.5 MEDIUMEPSS 0.2%CWE-384
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
Image Access GmbH · Scan2Net

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://seclists.org/fulldisclosure/2024/Dec/2https://r.sec-consult.com/imageaccesshttps://www.imageaccess.de/?page=SupportPortal&lang=en