CVE-2024-29840

Name of the Vulnerable Software and Affected Versions Evolution Controller versions 2.04.560.31.03.2024 and below

Description The issue concerns poorly configured access control on the DESKTOP EDIT USER GET PIN FIELDS endpoint, allowing an unauthenticated attacker to retrieve the pin value of any user.

Recommendations For versions 2.04.560.31.03.2024 and below, consider restricting access to the DESKTOP EDIT USER GET PIN FIELDS endpoint until a proper fix is applied. As a temporary workaround, limit the functionality that relies on this endpoint to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.