CVE-2024-12306
Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
09 Dec 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
Unifiedtransform · UnifiedtransformWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →