admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-568xx/CVE-2024-56883.json
cad-safe-bot 808aa8c1f5 Auto-Update: 2025-02-19T17:00:54.292989+00:00
2025-02-19 17:04:22 +00:00

60 lines
2.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-56883",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-18T18:15:27.287",
"lastModified": "2025-02-19T15:15:15.140",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other employees, even though they do not have the option to do so in the user interface. To do this, a valid request to create a course simply needs to be modified, so that the current user ID in the \"id\" parameter is replaced with the ID of another user."
},
{
"lang": "es",
"value": "SAGE DPW antes de 2024_12_001 es vulnerable al control de acceso incorrecto. Los controles de acceso basados ??en roles implementados no siempre se aplican en el lado del servidor. Los usuarios de SAGE de bajo privilegio con permisos de roles de empleados pueden crear cursos externos para otros empleados, a pesar de que no tienen la opci\u00f3n de hacerlo en la interfaz de usuario. Para hacer esto, una solicitud v\u00e1lida para crear un curso simplemente debe modificarse, de modo que la ID de usuario actual en el par\u00e1metro \"ID\" se reemplace con la ID de otro usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://cves.at/posts/cve-cve-2024-56883/writeup/",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink