CVE-2024-29839

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Evolution Controller versions 2.04.560.31.03.2024 and below

Description The Web interface of Evolution Controller contains poorly configured access control on the DESKTOP EDIT USER GET CARD endpoint, allowing an unauthenticated attacker to return the card value data of any user.

Recommendations For Evolution Controller versions 2.04.560.31.03.2024 and below, consider restricting access to the DESKTOP EDIT USER GET CARD endpoint until a patch is available. As a temporary workaround, limit the use of the Web interface to authorized personnel only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-200

Related Identifiers

CVE-2024-29839

Affected Products

Evolution Controller

CVE-2024-29839

Weakness Enumeration

Related Identifiers

Affected Products

References · 6