PT-2024-23073 · Unknown · Evolution Controller

Adam Foster · Published 2024-04-14 · Updated 2025-12-10 · CVE-2024-29836

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Evolution Controller versions 2.04.560.31.03.2024 and below

Description

The Web interface of Evolution Controller has improperly configured access control, which allows an unauthenticated attacker to update and add user profiles within the application and gain full access to the site. This issue also affects the DESKTOP EDIT USER GET KEYS FIELDS component, which allows an attacker to retrieve the keys value of any user.

Recommendations

For Evolution Controller versions 2.04.560.31.03.2024 and below, consider restricting access to the Web interface until a patch is available. As a temporary workaround, limit the functionality of the DESKTOP EDIT USER GET KEYS FIELDS component to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Weakness Enumeration

Related Identifiers: CVE-2024-29836

Affected Products: Evolution Controller