PT-2024-22548 · Unit4 · Unit4 Financials
Published: 2024-03-20 · Updated: 2025-06-17 · CVE-2024-28735
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Unit4 Financials by Coda versions prior to 2023Q4
Description
An incorrect access control issue (authorization bypass) allows an authenticated user to modify the password of any user of the application via a crafted request.
Recommendations
For versions prior to 2023Q4, update to version 2023Q4 or later to resolve the issue.
Exploit
Fix
Weakness Enumeration
Improper Authentication
Affected Products
Unit4 Financials