PT-2024-31201 · Unknown · Guardian/Cmc

Stefano Libero · Published 2024-09-11 · Updated 2024-09-20 · CVE-2024-4465

CVSS v3.1: 6.0 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

Guardian/CMC (affected versions not specified)

Description

An access control issue was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration, resulting in a partial loss of data integrity. In instances with a reporting configuration, there could be limited Denial of Service (DoS) impacts, as reports may not reach their intended destination, and limited information disclosure impacts. Modifying the destination SMTP server for the reports could lead to the compromise of external credentials, expanding the scope of the attack.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2024-4465

Affected Products

Guardian/Cmc