CVE-2024-37775

Name of the Vulnerable Software and Affected Versions Sunbird DCIM dcTrack version 9.1.2

Description The issue is related to incorrect access control in Sunbird DCIM dcTrack, which allows attackers to create or update a ticket with a location that bypasses an RBAC check. This means that attackers can potentially circumvent role-based access control measures.

Recommendations For version 9.1.2, consider restricting access to the ticket creation and update functionality until a patch is available. As a temporary workaround, disabling the ability to update ticket locations may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.