PT-2024-32269 · Exment · Exment

Masataka Sato

Published

2024-10-17

Updated

2024-10-22

CVE-2024-46897

CVSS v3.1

3.8

Low

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Exment versions 6.1.4 and earlier Exment versions 5.0.11 and earlier

Description The issue is related to incorrect permission assignment for critical resources. A logged-in user with the permission of table management may obtain and/or alter the information of an unauthorized table.

Recommendations For Exment versions 6.1.4 and earlier, update to a version later than 6.1.4 to resolve the issue. For Exment versions 5.0.11 and earlier, update to a version later than 5.0.11 to resolve the issue. As a temporary workaround, consider restricting the permission of table management to minimize the risk of exploitation.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2024-46897

Affected Products

Exment

PT-2024-32269 · Exment · Exment

CVE-2024-46897

Weakness Enumeration

Related Identifiers

Affected Products

References · 8