← voltar
CVE-2024-29837

Poor session management in Evolution Controller allows administrator functionality for unauthenticated connections

CVSS 8.8 HIGHEPSS 0.5%CWE-1390CWE-284
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Produtos afetados
CS Technologies Australia · Evolution Controller

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html