CVE-2024-28735
CVE-2024-28735
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.1EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
20 Mar 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →