PT-2024-38219 · Naukowa I Akademicka Sieć Komputerowa Państwowy Instytut Badawczy · Ezd Rp
Jakub Płatek
·
Published
2024-08-07
·
Updated
2025-03-17
·
CVE-2024-7266
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/R:A/V:D/RE:L/U:Green |
Name of the Vulnerable Software and Affected Versions
EZD RP versions 15 through 15.83
EZD RP versions 16 through 16.14
EZD RP versions 17 through 17.1
Description
The issue allows a logged-in user to list all users in the system, including those from other organizations. This is due to an Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP.
Recommendations
For EZD RP versions 15 through 15.83, update to version 15.84 or later to resolve the issue.
For EZD RP versions 16 through 16.14, update to version 16.15 or later to resolve the issue.
For EZD RP versions 17 through 17.1, update to version 17.2 or later to resolve the issue.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ezd Rp