← voltar
CVE-2024-29843

Broken Access control on MOBILE_GET_USERS_LIST in Evolution Controller allows unauthenticated user enumeration

CVSS 7.5 HIGHEPSS 0.5%CWE-200CWE-284
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access levels
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
CS Technologies Australia · Evolution Controller

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html