CVE-2024-29843

Name of the Vulnerable Software and Affected Versions Evolution Controller versions 2.04.560.31.03.2024 and below

Description The Web interface of Evolution Controller contains poorly configured access control on the "MOBILE GET USERS LIST" endpoint, allowing an unauthenticated attacker to enumerate all users and their access levels.

Recommendations For versions 2.04.560.31.03.2024 and below, consider restricting access to the "MOBILE GET USERS LIST" endpoint until a patch is available. As a temporary workaround, limit the information disclosed by the "MOBILE GET USERS LIST" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.