PT-2024-33029 · Sismart · Sismart

Ajriel Rizqy Maulana · Published 2024-11-01 · Updated 2024-11-28 · CVE-2024-48217

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SiSMART version 7.4.0

Description

The issue is an Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART. This flaw allows attackers to perform horizontal privilege escalation.

Recommendations

For SiSMART version 7.4.0, consider disabling access to the dashboard until a patch is available, to prevent horizontal privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

IDOR

Weakness Enumeration

Related Identifiers

CVE-2024-48217

Affected Products

Sismart